Vulnerabilities > CVE-2021-34555 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

trusteddomain

fedoraproject

CWE-476

NVD

Published: 2021-06-10

Updated: 2023-11-07

Summary

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.

Vulnerable Configurations

Part	Description	Count
Application	Trusteddomain Trusteddomain Opendmarc 1.4.1.1 Trusteddomain Opendmarc 1.4.1	2
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/trusteddomainproject/OpenDMARC/issues/179
https://github.com/trusteddomainproject/OpenDMARC/pull/178
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZHZD4WZDYRBB2XVW2EQ4DQ2KYMAGPUO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MAT4ZSWPQ5SUTMYCXRXI5SMTWL4AG7E/