{"id":"CVE-2020-12272","details":"OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.","modified":"2026-03-20T11:31:40.410721Z","published":"2020-04-27T14:15:11.330Z","related":["MGASA-2021-0462","openSUSE-SU-2024:11576-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBOGOQOK3TIWWJV66MW5YWNRJAFFYGR5/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00035.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2D4JGHMALEJEWWG56DKR5OZB22TK7W5B/"},{"type":"ADVISORY","url":"https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf"},{"type":"EVIDENCE","url":"https://sourceforge.net/p/opendmarc/tickets/237/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/trusteddomainproject/opendmarc","events":[{"introduced":"44b92727f8fc60e9481ef319c186387f8a8b6aa1"},{"last_affected":"0d65077648569076c103b73f30ca86c14e1811a5"},{"introduced":"0"},{"last_affected":"a29adab78ea9b6625066fdc482eae0ec6aa19ca6"},{"introduced":"0"},{"last_affected":"12d9064bef02f152df233fab2f4bd863f0c28820"},{"introduced":"0"},{"last_affected":"363e4a82231b4366bdb92e72e612331ecda70c01"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"last_affected":"1.3.2"},{"introduced":"0"},{"last_affected":"1.4.0-NA"},{"introduced":"0"},{"last_affected":"1.4.0-beta0"},{"introduced":"0"},{"last_affected":"1.4.0-beta1"}]}}],"versions":["draft-dmarc-base-00-03","draft-dmarc-base-03","rel-opendmarc-1-0-0","rel-opendmarc-1-0-1","rel-opendmarc-1-1-0","rel-opendmarc-1-1-0-Beta0","rel-opendmarc-1-1-0-Beta1","rel-opendmarc-1-1-0-Beta2","rel-opendmarc-1-1-1","rel-opendmarc-1-1-2","rel-opendmarc-1-1-3","rel-opendmarc-1-2-0","rel-opendmarc-1-2-0-Beta0","rel-opendmarc-1-2-0-Beta1","rel-opendmarc-1-2-0-Beta2","rel-opendmarc-1-2-0-Beta3","rel-opendmarc-1-2-1-Beta0","rel-opendmarc-1-2-1-Beta1","rel-opendmarc-1-2-1-Beta2","rel-opendmarc-1-3-0","rel-opendmarc-1-3-0-Beta0","rel-opendmarc-1-3-0-Beta1","rel-opendmarc-1-3-0-Beta2","rel-opendmarc-1-3-0-Beta3","rel-opendmarc-1-3-0-Beta4","rel-opendmarc-1-3-1","rel-opendmarc-1-3-1-Beta0","rel-opendmarc-1-3-1-Beta1","rel-opendmarc-1-3-2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12272.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}