VulnerableCode Package Details - pkg:deb/debian/sendmail@8.15.2-22%2Bdeb11u3

Search for packages

Vulnerability	Summary	Fixed by
VCID-naz4-k1th-aaad Aliases: CVE-2021-3618	ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.	8.17.1.9-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.17.1.9-2+deb12u2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-naz4-k1th-aaad
Aliases:
CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

8.17.1.9-2
Affected by 1 other vulnerability.

8.17.1.9-2+deb12u2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-naz4-k1th-aaad	ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.	CVE-2021-3618
VCID-ptnv-fwch-aaag	sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.	CVE-2023-51765

Vulnerability

Summary

Aliases

VCID-naz4-k1th-aaad

CVE-2021-3618

VCID-ptnv-fwch-aaag

sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.

CVE-2023-51765

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T16:12:19.870905+00:00	Debian Importer	Affected by	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T15:25:34.929703+00:00	Debian Importer	Fixing	VCID-naz4-k1th-aaad	None	36.1.3
2025-06-21T06:00:05.337850+00:00	Debian Importer	Fixing	VCID-ptnv-fwch-aaag	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T23:20:23.062101+00:00	Debian Importer	Fixing	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-04-13T01:20:54.144522+00:00	Debian Oval Importer	Fixing	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T00:51:26.596087+00:00	Debian Oval Importer	Fixing	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-05T12:38:25.142925+00:00	Debian Importer	Affected by	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T11:57:01.903329+00:00	Debian Importer	Fixing	VCID-naz4-k1th-aaad	None	36.0.0
2025-04-05T03:14:53.139193+00:00	Debian Importer	Fixing	VCID-ptnv-fwch-aaag	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T02:00:46.523290+00:00	Debian Importer	Fixing	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-02-21T15:04:58.220423+00:00	Debian Importer	Fixing	VCID-ptnv-fwch-aaag	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-20T02:34:38.835160+00:00	Debian Importer	Affected by	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-20T02:34:38.148818+00:00	Debian Importer	Fixing	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-20T02:34:36.699826+00:00	Debian Importer	Fixing	VCID-naz4-k1th-aaad	None	35.1.0
2024-11-22T20:29:09.078213+00:00	Debian Importer	Affected by	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-10-09T19:07:16.436528+00:00	Debian Importer	Affected by	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-09-19T03:28:50.398238+00:00	Debian Importer	Affected by	VCID-naz4-k1th-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.1