{"id":"USN-6356-1","summary":"opendmarc vulnerabilities","details":"Jianjun Chen, Vern Paxson and Jian Jiang discovered that OpenDMARC\nincorrectly handled certain inputs. If a user or an automated system were\ntricked into receiving crafted inputs, an attacker could possibly use this\nto falsify the domain of an e-mails origin. (CVE-2020-12272)\n\nPatrik Lantz discovered that OpenDMARC incorrectly handled certain inputs.\nIf a user or an automated system were tricked into opening a specially\ncrafted input file, a remote attacker could possibly use this issue to\ncause a denial of service. (CVE-2020-12460)\n","modified":"2026-02-10T04:43:19Z","published":"2023-09-11T12:47:12Z","related":["UBUNTU-CVE-2020-12272","UBUNTU-CVE-2020-12460"],"upstream":["CVE-2020-12272","CVE-2020-12460","UBUNTU-CVE-2020-12272","UBUNTU-CVE-2020-12460"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6356-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-12272"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-12460"}],"affected":[{"package":{"name":"opendmarc","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/opendmarc@1.3.1+dfsg-3ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1+dfsg-3ubuntu0.1~esm1"}]}],"versions":["1.3.1+dfsg-2","1.3.1+dfsg-3"],"ecosystem_specific":{"binaries":[{"binary_name":"libopendmarc-dev","binary_version":"1.3.1+dfsg-3ubuntu0.1~esm1"},{"binary_name":"libopendmarc2","binary_version":"1.3.1+dfsg-3ubuntu0.1~esm1"},{"binary_name":"opendmarc","binary_version":"1.3.1+dfsg-3ubuntu0.1~esm1"},{"binary_name":"rddmarc","binary_version":"1.3.1+dfsg-3ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2020-12272","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2020-12460","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6356-1.json"}},{"package":{"name":"opendmarc","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/opendmarc@1.3.2-3ubuntu0.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-3ubuntu0.2"}]}],"versions":["1.3.2-2","1.3.2-3","1.3.2-3ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libopendmarc-dev","binary_version":"1.3.2-3ubuntu0.2"},{"binary_name":"libopendmarc2","binary_version":"1.3.2-3ubuntu0.2"},{"binary_name":"opendmarc","binary_version":"1.3.2-3ubuntu0.2"},{"binary_name":"rddmarc","binary_version":"1.3.2-3ubuntu0.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2020-12272","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2020-12460","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6356-1.json"}},{"package":{"name":"opendmarc","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/opendmarc@1.3.2-7ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-7ubuntu0.1"}]}],"versions":["1.3.2-6","1.3.2-7"],"ecosystem_specific":{"binaries":[{"binary_name":"libopendmarc-dev","binary_version":"1.3.2-7ubuntu0.1"},{"binary_name":"libopendmarc2","binary_version":"1.3.2-7ubuntu0.1"},{"binary_name":"opendmarc","binary_version":"1.3.2-7ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2020-12272","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2020-12460","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6356-1.json"}}],"schema_version":"1.7.3"}