Vulnerabilities > Sendmail > Sendmail > 8.9.1

DATE CVE VULNERABILITY TITLE RISK
2023-12-24 CVE-2023-51765 Insufficient Verification of Data Authenticity vulnerability in multiple products
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
network
low complexity
sendmail freebsd redhat CWE-345
5.3
2022-03-23 CVE-2021-3618 Improper Certificate Validation vulnerability in multiple products
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates.
7.4
2014-06-04 CVE-2014-3956 Information Exposure vulnerability in multiple products
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
1.9
2010-01-04 CVE-2009-4565 Cryptographic Issues vulnerability in Sendmail
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
network
low complexity
sendmail CWE-310
7.5
2009-05-05 CVE-2009-1490 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sendmail
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
network
low complexity
sendmail CWE-119
5.0
2006-08-29 CVE-2006-4434 Use After Free vulnerability in Sendmail
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.
network
low complexity
sendmail CWE-416
7.5
2006-06-07 CVE-2006-1173 Resource Management Errors vulnerability in Sendmail
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
network
low complexity
sendmail CWE-399
5.0
2005-06-29 CVE-2005-2070 Remote Denial Of Service Weakness in Sendmail Milter
The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.
network
low complexity
sendmail
5.0
2003-10-06 CVE-2003-0694 The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
network
low complexity
sendmail sgi apple compaq freebsd gentoo hp ibm netbsd sun turbolinux
critical
10.0
2003-10-06 CVE-2003-0681 Buffer Overflow vulnerability in Sendmail Ruleset Parsing
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
network
low complexity
sendmail apple gentoo hp ibm netbsd openbsd turbolinux
7.5