VulnerableCode Package Details - pkg:deb/debian/sendmail@8.14.4-8

Search for packages

Vulnerability	Summary	Fixed by
VCID-ptnv-fwch-aaag Aliases: CVE-2023-51765	sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.	8.15.2-22+deb11u3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.17.2-1~bpo12+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ptnv-fwch-aaag
Aliases:
CVE-2023-51765

sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.

8.15.2-22+deb11u3
Affected by 1 other vulnerability.

8.17.2-1~bpo12+1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6vnz-eme3-aaac	The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.	CVE-2014-3956

Vulnerability

Summary

Aliases

VCID-6vnz-eme3-aaac

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

CVE-2014-3956

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T14:27:00.369671+00:00	Debian Oval Importer	Fixing	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T01:28:51.519334+00:00	Debian Oval Importer	Fixing	VCID-6vnz-eme3-aaac	None	36.1.3
2025-06-08T07:20:02.459096+00:00	Debian Oval Importer	Fixing	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T18:51:45.312843+00:00	Debian Oval Importer	Fixing	VCID-6vnz-eme3-aaac	None	36.1.0
2025-04-13T01:20:54.124600+00:00	Debian Oval Importer	Affected by	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T00:51:26.571247+00:00	Debian Oval Importer	Affected by	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-12T21:17:11.565689+00:00	Debian Oval Importer	Fixing	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T05:52:40.012811+00:00	Debian Oval Importer	Fixing	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T17:29:32.753965+00:00	Debian Oval Importer	Fixing	VCID-6vnz-eme3-aaac	None	36.0.0