Sendmail

sendmail

Vendor: Sendmail • 33 CVEs

CVEs (33)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-51765 3Freebsd RedhatSendmail 3Enterprise Linux FreebsdSendmail Nov 21, 2024 Dec 24, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF p...Show more sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.Show less
CVE-2021-3618 5Debian F5Fedoraproject+2 more 5Debian Linux FedoraNginx+2 more Nov 21, 2024 Mar 23, 2022 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker...Show more ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.Show less
CVE-2014-3956 4Fedoraproject FreebsdHp+1 more 4Fedora FreebsdHpux+1 more May 6, 2026 Jun 4, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered fi...Show more The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.Show less
CVE-2009-4565 1Sendmail 1Sendmail Apr 23, 2026 Jan 4, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted s...Show more sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.Show less
CVE-2009-1490 1Sendmail 1Sendmail Apr 23, 2026 May 5, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
CVE-2007-2246 1Sendmail 1Sendmail Apr 23, 2026 Apr 25, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vecto...Show more Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434.Show less
CVE-2006-7176 1Sendmail 1Sendmail Apr 23, 2026 Mar 27, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote atta...Show more The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.Show less
CVE-2006-7175 1Sendmail 1Sendmail Apr 23, 2026 Mar 27, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
CVE-2006-4434 1Sendmail 1Sendmail Apr 16, 2026 Aug 29, 2006 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original...Show more Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."Show less
CVE-2006-1173 1Sendmail 1Sendmail Apr 16, 2026 Jun 7, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit...Show more Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.Show less
CVE-2006-0058 1Sendmail 1Sendmail Apr 16, 2026 Mar 22, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and mod...Show more Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.Show less
CVE-2005-2070 1Sendmail 1Sendmail Apr 16, 2026 Jun 29, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloadi...Show more The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.Show less
CVE-2003-0688 6Compaq FreebsdOpenbsd+3 more 6Freebsd IrixOpenbsd+3 more Apr 16, 2026 Oct 20, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an...Show more The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.Show less
CVE-2003-0694 11Apple CompaqFreebsd+8 more 18Advanced Message Server AixFreebsd+15 more Apr 16, 2026 Oct 6, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
CVE-2003-0681 8Apple GentooHp+5 more 14Advanced Message Server AixHp Ux+11 more Apr 16, 2026 Oct 6, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
CVE-2003-0308 2Debian Sendmail 2Debian Linux Sendmail Apr 16, 2026 May 15, 2003 N/A· v4 N/A· v3 7.2 HIGH· v2 The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
CVE-2003-0161 4Compaq HpSendmail+1 more 9Hp Ux Hp Ux Series 700Hp Ux Series 800+6 more Apr 16, 2026 Apr 2, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misin...Show more The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.Show less
CVE-2002-1337 7Gentoo HpNetbsd+4 more 9Alphaserver Sc BsdosHp Ux+6 more Apr 16, 2026 Mar 7, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of...Show more Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.Show less
CVE-2002-2423 1Sendmail 1Sendmail Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
CVE-2002-2261 1Sendmail 1Sendmail Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.

12 Next