{"id":"CVE-2023-29323","details":"ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.","modified":"2026-04-02T08:57:12.674852Z","published":"2023-04-04T23:15:07.347Z","references":[{"type":"WEB","url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h"},{"type":"WEB","url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h"},{"type":"WEB","url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230526-0006/"},{"type":"FIX","url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"},{"type":"FIX","url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"},{"type":"FIX","url":"https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"},{"type":"FIX","url":"https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensmtpd/opensmtpd","events":[{"introduced":"0"},{"fixed":"41d0eae481f538956b1f1fbadfb535043454061f"}]},{"type":"GIT","repo":"https://github.com/openbsd/src","events":[{"introduced":"0"},{"fixed":"f748277ed1fc7065ae8998d61ed78b9ab1e55fae"}]},{"type":"GIT","repo":"https://github.com/opensmtpd/opensmtpd","events":[{"introduced":"0"},{"fixed":"41d0eae481f538956b1f1fbadfb535043454061f"}]},{"type":"GIT","repo":"https://github.com/openbsd/src","events":[{"introduced":"0"},{"fixed":"f748277ed1fc7065ae8998d61ed78b9ab1e55fae"}]}],"versions":["6.6.0","6.6.0p1","6.6.1","6.6.1p1","6.6.2","6.6.2p1","6.6.3p1","6.6.4p1","6.7.0p1","6.7.1p1","6.8.0p1-rc1","data-filter-diff1","l","master-last-working","opensmtpd-20121030110032","opensmtpd-20121030111957p1","opensmtpd-20121030150652","opensmtpd-20121106110822","opensmtpd-20121106111009p1","opensmtpd-20121107175509","opensmtpd-20121107175757p1","opensmtpd-20121113230649","opensmtpd-20121113231010p1","opensmtpd-201211152234","opensmtpd-201211152324p1","opensmtpd-201211232340","opensmtpd-201211232348p1","opensmtpd-201211261223","opensmtpd-201211261224p1","opensmtpd-201212031106","opensmtpd-201212031111p1","opensmtpd-201212081302","opensmtpd-201212081318p1","opensmtpd-201212150111","opensmtpd-201212150117p1","opensmtpd-201212171136","opensmtpd-201212171137p1","opensmtpd-201212222156","opensmtpd-201212222206p1","opensmtpd-201301031723","opensmtpd-201301031733p1","opensmtpd-201301050936","opensmtpd-201301050937p1","opensmtpd-201301111101","opensmtpd-201301111141","opensmtpd-201301111154p1","opensmtpd-201301191214","opensmtpd-201301191220p1","opensmtpd-201301241734","opensmtpd-201301241740p1","opensmtpd-201301241932","opensmtpd-201301241934p1","opensmtpd-201301252209","opensmtpd-201301252211p1","opensmtpd-201301281307","opensmtpd-201301281309","opensmtpd-201301281310p1","opensmtpd-201301311831","opensmtpd-201301311837p1","opensmtpd-201301312105","opensmtpd-201301312105p1","opensmtpd-201302051636","opensmtpd-201302051638p1","opensmtpd-201302141349","opensmtpd-201302141353p1","opensmtpd-201302152352","opensmtpd-201302152354p1","opensmtpd-201302212013","opensmtpd-201302212015p1","opensmtpd-201303011853p1","opensmtpd-201303201219","opensmtpd-201303201252p1","opensmtpd-201303211339","opensmtpd-201303211343p1","opensmtpd-201303221610","opensmtpd-201303221610p1","opensmtpd-201303311744","opensmtpd-201303311750p1","opensmtpd-201304041635","opensmtpd-201304041639p1","opensmtpd-201304281416","opensmtpd-201304281431p1","opensmtpd-201305171900","opensmtpd-201305171925p1","opensmtpd-201305171950p1","opensmtpd-201305241922","opensmtpd-201305241932p1","opensmtpd-201306071611","opensmtpd-201306071637p1","opensmtpd-201306211618","opensmtpd-201306211627p1","opensmtpd-201306221759","opensmtpd-201306271528","opensmtpd-201306271531p1","opensmtpd-201307061146","opensmtpd-201307091511","opensmtpd-201307091512p1","opensmtpd-201307121003","opensmtpd-201307121003p1","opensmtpd-201307151919","opensmtpd-201307151923p1","opensmtpd-201307190959","opensmtpd-201307191003p1","opensmtpd-201307191119p1","opensmtpd-201307221442","opensmtpd-201307221453p1","opensmtpd-201307290742","opensmtpd-201307290744p1","opensmtpd-201307311700","opensmtpd-201307311702p1","opensmtpd-201308201225","opensmtpd-201308201232p1","opensmtpd-201309091153","opensmtpd-201309091202p1","opensmtpd-201309121844","opensmtpd-201309121848p1","opensmtpd-201309121930","opensmtpd-201309121931p1","opensmtpd-201309201537","opensmtpd-201309201537p1","opensmtpd-201309241455","opensmtpd-201309241457p1","opensmtpd-201309241711","opensmtpd-201309241712p1","opensmtpd-201309241817","opensmtpd-201309241818p1","opensmtpd-201309251618","opensmtpd-201309251624p1","opensmtpd-201309261723","opensmtpd-201309261726p1","opensmtpd-201310031056","opensmtpd-201310031101p1","opensmtpd-201310081835","opensmtpd-201310081839p1","opensmtpd-201310101757","opensmtpd-201310101759p1","opensmtpd-201310231630","opensmtpd-201310231634p1","opensmtpd-201310241355","opensmtpd-201310241356p1","opensmtpd-201310251943","opensmtpd-201310251946p1","opensmtpd-201310281422","opensmtpd-201310281424p1","opensmtpd-201311071822","opensmtpd-201311071830p1","opensmtpd-201311181631","opensmtpd-201311181634p1","opensmtpd-201311182347p1","opensmtpd-201311201704","opensmtpd-201311201707p1","opensmtpd-201311261027","opensmtpd-201311261029p1","opensmtpd-201311270853","opensmtpd-201311270853p1","opensmtpd-201311281209","opensmtpd-201311281211p1","opensmtpd-201311292255","opensmtpd-201311292259p1","opensmtpd-201312021551","opensmtpd-201312021552p1","opensmtpd-201312021557","opensmtpd-201312021558p1","opensmtpd-201312081716","opensmtpd-201312081717p1","opensmtpd-201312131547","opensmtpd-201312131550p1","opensmtpd-201312142053","opensmtpd-201312142054p1","opensmtpd-201401061548","opensmtpd-201401061555p1","opensmtpd-201401201000","opensmtpd-201401201010p1","opensmtpd-201401201614p1","opensmtpd-201401202156","opensmtpd-201401202159p1","opensmtpd-201401231517","opensmtpd-201401231518p1","opensmtpd-201401241551","opensmtpd-201401241552p1","opensmtpd-201401311419","opensmtpd-201401311424p1","opensmtpd-201402071556","opensmtpd-201402071603p1","opensmtpd-201402271419","opensmtpd-201402271423p1","opensmtpd-201402281144","opensmtpd-201402281146p1","opensmtpd-201403051037","opensmtpd-201403051040p1","opensmtpd-201403261203","opensmtpd-201403261207p1","opensmtpd-201404151425","opensmtpd-201404151432p1","opensmtpd-201405071639","opensmtpd-201405071644p1","opensmtpd-201405121641","opensmtpd-201405121644p1","opensmtpd-201405121706","opensmtpd-201405121707p1","opensmtpd-201405142229","opensmtpd-201405142229p1","opensmtpd-201405142324","opensmtpd-201405142325p1","opensmtpd-201405202103","opensmtpd-201405202105p1","opensmtpd-201406061829","opensmtpd-201406061833p1","opensmtpd-201406110039","opensmtpd-201406110044p1","opensmtpd-201406170940p1","opensmtpd-201406190033","opensmtpd-201406190036p1","opensmtpd-201406192203","opensmtpd-201406192219p1","opensmtpd-201406192229","opensmtpd-201406192306p1","opensmtpd-201410012007","opensmtpd-201410012105p1","opensmtpd-201410040015","opensmtpd-201410040019p1","opensmtpd-201410131651","opensmtpd-201410131657p1","opensmtpd-201410152134","opensmtpd-201410152136p1","opensmtpd-201411042324","opensmtpd-201411042328p1","opensmtpd-201411052124","opensmtpd-201411052125p1","opensmtpd-201412241504","opensmtpd-201412241507p1","opensmtpd-201501060204","opensmtpd-201501060207p1","opensmtpd-201502012303","opensmtpd-201502012312p1","opensmtpd-201505091607p1","opensmtpd-201505091743","opensmtpd-201505121835","opensmtpd-201505121836p1","opensmtpd-201505241920","opensmtpd-201505241924p1","opensmtpd-201506020906","opensmtpd-201506020910p1","opensmtpd-201506112224","opensmtpd-201506112227p1","opensmtpd-201601051902","opensmtpd-201601051911p1","opensmtpd-201602031443","opensmtpd-201602031446p1","opensmtpd-201602120824","opensmtpd-201602120826p1","opensmtpd-201602131612","opensmtpd-201602131612p1","opensmtpd-201602131907p1","opensmtpd-201605221710","opensmtpd-201605221711p1","opensmtpd-201606062256","opensmtpd-201606062256p1","opensmtpd-201606062303p1","opensmtpd-201606071034p1","opensmtpd-201606152202","opensmtpd-201606152203p1","opensmtpd-201606220753","opensmtpd-201606220754p1","opensmtpd-201607021503","opensmtpd-201607021504p1","opensmtpd-201609141252","opensmtpd-201609141253p1","opensmtpd-201702130936","opensmtpd-201702130941p1","opensmtpd-201801101413","opensmtpd-201801101420p1","opensmtpd-201801101639","opensmtpd-201801101641p1","opensmtpd-5.0","opensmtpd-5.0p1","opensmtpd-5.2.1","opensmtpd-5.2.1p1","opensmtpd-5.3","opensmtpd-5.3.1","opensmtpd-5.3.1p1","opensmtpd-5.3.2","opensmtpd-5.3.2p1","opensmtpd-5.3.3","opensmtpd-5.3.3p1","opensmtpd-5.3p1","opensmtpd-5.4","opensmtpd-5.4.1","opensmtpd-5.4.1p1","opensmtpd-5.4.2","opensmtpd-5.4.2p1","opensmtpd-5.4.4","opensmtpd-5.4.4p1","opensmtpd-5.4.5","opensmtpd-5.4.5p1","opensmtpd-5.4.6","opensmtpd-5.4.6-2","opensmtpd-5.4.6p1","opensmtpd-5.7.1","opensmtpd-5.7.1p1","opensmtpd-5.7.2","opensmtpd-5.7.2p1","opensmtpd-5.7.3","opensmtpd-5.7.3p1","opensmtpd-5.7.3p2","opensmtpd-5.9.1","opensmtpd-5.9.1p1","opensmtpd-5.9.2","opensmtpd-5.9.2p1","opensmtpd-6.0.0","opensmtpd-6.0.0p1","opensmtpd-6.0.2","opensmtpd-6.0.2p1","opensmtpd-6.0.3","opensmtpd-6.0.3p1","opensmtpd-6.4.0","opensmtpd-6.4.0p1","opensmtpd-6.4.0p2","opensmtpd-6.4.1","opensmtpd-6.4.1p1","opensmtpd-6.4.1p2","opensmtpd-6.4.2","opensmtpd-6.4.2p1","opensmtpd-6.7.1p1","opensmtpd-6.8.0p1-rc1","v6.8.0p1","v6.8.0p2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"7.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"fixed":"7.1"}]},{"events":[{"introduced":"7.2"}]},{"events":[{"introduced":"0"},{"fixed":"7.0.0-portable"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29323.json","vanir_signatures":[{"digest":{"length":747,"function_hash":"4273168760489095610131962012935199391"},"id":"CVE-2023-29323-20961338","deprecated":false,"target":{"function":"ascii_load_sockaddr","file":"usr.sbin/smtpd/envelope.c"},"source":"https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae","signature_version":"v1","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["121343129352937646309753480043887538774","27658729311587092110253159157523301237","307723820120859430508451318078768283581","59631714156229265994358181693354706424","205590946201468938027881964481250129741","173102012682250654189718786747889849804","242587908472784403319446247082267485510","115864062855091883774683773787879052208","100469814400592261409416991240776914770","134598844820278463442713305635631132795","303663955460024469657064273918478829695","155325469374240793252373240125896788990","225820823196600032836275918050058074621","162806313729918849220180547291237980311","110171387971216874683292972118627036968","124538062636615419568009400263227626764","69312357083410322261306556473684039355","195865398375155136243681113047558657456","150487531236833897869106936967612127770","198447647319859300444114032015201799415"]},"id":"CVE-2023-29323-9b117514","deprecated":false,"target":{"file":"usr.sbin/smtpd/envelope.c"},"source":"https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae","signature_version":"v1","signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}