CVE-2020-12272

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.

References

Affected packages

Git / github.com/hoene/libmysofa

Affected ranges

Type: GIT
Repo: https://github.com/hoene/libmysofa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

33974839677da7044ef5a70be7ad5550735aae6e

Affected versions

v0,.*

v0,.4

v0.*

v0.1

v0.2

v0.3

v0.4

v0.4(Windows)

v0.5

v0.6

v0.7

v0.8

v0.9

v0.9.1

v1.*

v1.0

v1.1

v1.2

v1.2.1

v1.3

v1.3.1

v1.3.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12272.json"

Git / gitlab.gnome.org/GNOME/glib

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/glib
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

cc7ce9f9d717f19e7ad153a1c47839ff787c2cff

Affected versions

Other

FOR_GNOME_0_99_1

GLIB_1_1_0

GLIB_1_1_1

GLIB_1_1_10

GLIB_1_1_11

GLIB_1_1_12

GLIB_1_1_13

GLIB_1_1_14

GLIB_1_1_15

GLIB_1_1_16

GLIB_1_1_2

GLIB_1_1_3

GLIB_1_1_3a

GLIB_1_1_4

GLIB_1_1_5

GLIB_1_1_6

GLIB_1_1_7

GLIB_1_1_8

GLIB_1_1_8a

GLIB_1_1_9

GLIB_1_2_0

GLIB_1_3_0

GLIB_1_3_1

GLIB_1_3_2

GLIB_GNOME_0_99_1

GLIB_VERSION_1_1_3

GNOME_PRINT_0_24

PRE_CLEANUP

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12272.json"