CVE-2021-34555 — Vulnetix

CVE-2021-34555 PUBLISHED CVSS 7.5 HIGH

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.

EPSS 0.49% · 65.6th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.49%

65.6th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	34, 33
n/a	n/a	n/a
trusteddomain	opendmarc	1.4.1.1, 1.4.1

Timeline

Jun 10, 2021 CVE Published
Jun 11, 2021 EPSS Score
Jun 19, 2021 EPSS Score
Jul 20, 2021 EPSS Score
Aug 12, 2021 EPSS Score
Oct 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 10, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 11, 2022 EPSS Score
Aug 12, 2022 EPSS Score
Oct 12, 2022 EPSS Score

References

https://github.com/trusteddomainproject/OpenDMARC/issues/179 url
https://github.com/trusteddomainproject/OpenDMARC/pull/178 url
FEDORA-2021-889af802f2 vendor-advisory
FEDORA-2021-0c98725795 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34555 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MAT4ZSWPQ5SUTMYCXRXI5SMTWL4AG7E url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZHZD4WZDYRBB2XVW2EQ4DQ2KYMAGPUO url

Open in Interactive Console →