{"id":"CVE-2020-7247","details":"smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.","modified":"2026-04-02T02:04:41.105388Z","published":"2020-01-29T16:15:12.897Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4268-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4611"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/390745"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2020/Jan/51"},{"type":"FIX","url":"https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45"},{"type":"FIX","url":"https://www.openbsd.org/security.html"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2020/01/28/3"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2020/Jan/49"}],"affected":[{
"ranges":[{"type":"GIT","repo":"https://github.com/openbsd/src","events":[{"introduced":"0"},{"fixed":"9dcfda045474d8903224d175907bfc29761dcb45"}]},{"type":"GIT","repo":"https://github.com/openbsd/src","events":[{"introduced":"0"},{"fixed":"9dcfda045474d8903224d175907bfc29761dcb45"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7247.json","vanir_signatures":[{"source":"https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45","deprecated":false,"id":"CVE-2020-7247-1439a3f1","digest":{"threshold":0.9,"line_hashes":["146958479146620846539546414962359749417","145804354479718942648469601420943504881","50866359851508526042491977853727488282","207177037661277233987566775936640071114","256454692897472681432177734798303501079","333579557200389565105833963070610317524","151964549180595370813610698553145369373","164042760444352403035042736481382744972","157779360057984813910033772595342582972","128067893643618281774819757885083806704","92864325646592764248353712193035702172","80056390225257104560475256115545599826","33586722040586328695311359832171375475","116533349178807723563281035809734756036","319598776653868670885544067356391424772","134792771592966456779690561609829698813","43264858727266399511000037806169423068"]},"signature_version":"v1","target":{"file":"usr.sbin/smtpd/smtp_session.c"},"signature_type":"Line"},{"source":"https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45","deprecated":false,"id":"CVE-2020-7247-ba7fc816","digest":{"function_hash":"81829132623799367638487615930946742238","length":902},"signature_version":"v1","target":{"file":"usr.sbin/smtpd/smtp_session.c","function":"smtp_mailaddr"},"signature_type":"Function"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"32"
}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}