Search for packages
| purl | pkg:deb/debian/sendmail@8.13.8-3%2Betch1 |
| Next non-vulnerable version | 8.17.1.9-2+deb12u2 |
| Latest non-vulnerable version | 8.17.1.9-2+deb12u2 |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2cdd-ajxa-aaaq
Aliases: CVE-2009-4565 |
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
Affected by 2 other vulnerabilities. |
|
VCID-6vnz-eme3-aaac
Aliases: CVE-2014-3956 |
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. |
Affected by 1 other vulnerability. |
|
VCID-ptnv-fwch-aaag
Aliases: CVE-2023-51765 |
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T14:27:00.361566+00:00 | Debian Oval Importer | Affected by | VCID-6vnz-eme3-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:19:44.000597+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T01:28:51.513062+00:00 | Debian Oval Importer | Affected by | VCID-6vnz-eme3-aaac | None | 36.1.3 |
| 2025-06-20T23:39:38.856791+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | None | 36.1.3 |
| 2025-06-08T12:26:42.352253+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T07:20:02.452995+00:00 | Debian Oval Importer | Affected by | VCID-6vnz-eme3-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:14:18.607791+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:51:45.305758+00:00 | Debian Oval Importer | Affected by | VCID-6vnz-eme3-aaac | None | 36.1.0 |
| 2025-06-07T17:02:35.356234+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | None | 36.1.0 |
| 2025-04-13T01:20:54.104800+00:00 | Debian Oval Importer | Affected by | VCID-ptnv-fwch-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T00:51:26.549213+00:00 | Debian Oval Importer | Affected by | VCID-ptnv-fwch-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-12T21:17:11.545724+00:00 | Debian Oval Importer | Affected by | VCID-6vnz-eme3-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:12:54.463040+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T05:52:39.992768+00:00 | Debian Oval Importer | Affected by | VCID-6vnz-eme3-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:46:28.450653+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T17:29:32.730466+00:00 | Debian Oval Importer | Affected by | VCID-6vnz-eme3-aaac | None | 36.0.0 |
| 2025-04-07T15:35:52.414115+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | None | 36.0.0 |
| 2024-11-27T11:50:56.685276+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-13T06:43:11.296558+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-20T21:02:55.658553+00:00 | Debian Oval Importer | Affected by | VCID-2cdd-ajxa-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |