Vulnerability details: VCID-ptnv-fwch-aaag
Vulnerability ID VCID-ptnv-fwch-aaag
Aliases CVE-2023-51765
Summary sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Weaknesses (2)
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51765.json
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2023-51765
epss 0.00210 https://api.first.org/data/v1/epss?cve=CVE-2023-51765
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2023-51765
epss 0.00355 https://api.first.org/data/v1/epss?cve=CVE-2023-51765
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2023-51765
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2023-51765
epss 0.04335 https://api.first.org/data/v1/epss?cve=CVE-2023-51765
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-51765
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-51765
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51765.json
https://access.redhat.com/security/cve/CVE-2023-51765
https://api.first.org/data/v1/epss?cve=CVE-2023-51765
https://bugzilla.redhat.com/show_bug.cgi?id=2255869
https://bugzilla.suse.com/show_bug.cgi?id=1218351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51765
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc
https://lists.debian.org/debian-lts-announce/2024/06/msg00004.html
https://lwn.net/Articles/956533/
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
https://www.openwall.com/lists/oss-security/2023/12/21/7
https://www.openwall.com/lists/oss-security/2023/12/22/7
https://www.youtube.com/watch?v=V8KPV96g1To
http://www.openwall.com/lists/oss-security/2023/12/24/1
http://www.openwall.com/lists/oss-security/2023/12/25/1
http://www.openwall.com/lists/oss-security/2023/12/26/5
http://www.openwall.com/lists/oss-security/2023/12/29/5
http://www.openwall.com/lists/oss-security/2023/12/30/1
http://www.openwall.com/lists/oss-security/2023/12/30/3
1059386 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059386
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2023-51765 https://nvd.nist.gov/vuln/detail/CVE-2023-51765
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51765.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-51765
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.55146
EPSS Score 0.00173
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:28.284520+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-51765 34.0.0rc1