CVE-2020-7247

OpenSMTPD Remote Code Execution Vulnerability

smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. Vendor/Product: OpenBSD OpenSMTPD. Added to CISA KEV 2022-03-25; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2020-7247