CVE-2019-16378
PUBLISHED
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
Risk Scores
EPSS Score: 0.95% (76.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | opendmarc | 0, 1.3.2-2, 1.3.2-3 |
Exploit Intelligence
- https://github.com/trusteddomainproject/OpenDMARC/pull/48 (circl)
- https://bugs.debian.org/940081 (circl)
- https://www.openwall.com/lists/oss-security/2019/09/11/8 (circl)
- [oss-security] 20190917 Re: OpenDMARC signature bypass with multiple From addresses (circl)
- DSA-4526 (circl)
- 20190920 [SECURITY] [DSA 4526-1] opendmarc security update (circl)
- FEDORA-2019-e1f0417a24 (circl)
- FEDORA-2019-24b3f84f6e (circl)
- FEDORA-2019-6a2ca74e55 (circl)
- USN-4567-1 (circl)
Timeline
- Sep 17, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Mar 30, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-16378 third-party-advisory
- https://github.com/trusteddomainproject/OpenDMARC/pull/48 third-party-advisory
- http://www.openwall.com/lists/oss-security/2019/09/17/2 third-party-advisory
- https://bugs.debian.org/940081 third-party-advisory
- https://www.openwall.com/lists/oss-security/2019/09/11/8 third-party-advisory
- https://ubuntu.com/security/notices/USN-4567-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-16378 third-party-advisory