This page lists publicly disclosed CVE vulnerabilities affecting trusteddomain opendmarc (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-25768 | OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c. | [email protected] | 7.5 | 0.73% | 2024-02-26 | 2026-06-17 |
| CVE-2021-34555 | OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. | [email protected] | 7.5 | 2.75% | 2021-06-10 | 2026-06-16 |
| CVE-2020-12460 | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. | [email protected] | 9.8 | 3.68% | 2020-07-27 | 2026-06-16 |
| CVE-2020-12272 | OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. | [email protected] | 5.3 | 2.14% | 2020-04-27 | 2026-06-16 |
| CVE-2019-20790 | OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. | [email protected] | 9.8 | 2.66% | 2020-04-27 | 2026-06-16 |
| CVE-2019-16378 | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. | [email protected] | 9.8 | 2.46% | 2019-09-17 | 2026-06-16 |