CVE-2023-51764

MEDIUM EPSS 83.4%
Published Dec 24, 20232y ago · Modified Jun 17, 20261w ago
5.3 CVSS 3.1
Medium
Find Similar
Published Dec 24, 2023 2y ago
Last Modified Jun 17, 2026 1w ago

Description

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

CVSS Details

Base Score
5.3
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
83.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-345

Affected Products 8

VendorProductVersionRange
postfixpostfix* <3.5.23
postfixpostfix*≥3.6.0  –  <3.6.13
postfixpostfix*≥3.7.0  –  <3.7.9
postfixpostfix*≥3.8.0  –  <3.8.4
fedoraprojectfedora38any
fedoraprojectfedora39any
redhatenterprise_linux8.0any
redhatenterprise_linux9.0any

References 19

  • openwall.com http://www.openwall.com/lists/oss-security/2023/12/24/1
    Mailing ListThird Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/12/25/1
    Mailing ListThird Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2024/05/09/3
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2023-51764
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2255563
    Issue TrackingThird Party Advisory
  • fahrplan.events.ccc.de https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html
    Technical Description
  • github.com https://github.com/duy-31/CVE-2023-51764
    ExploitThird Party Advisory
  • github.com https://github.com/eeenvik1/CVE-2023-51764
    ExploitThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/01/msg00020.html
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/
  • lwn.net https://lwn.net/Articles/956533/
  • sec-consult.com https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
    Technical DescriptionThird Party Advisory
  • openwall.com https://www.openwall.com/lists/oss-security/2024/01/22/1
  • postfix.org https://www.postfix.org/announcements/postfix-3.8.5.html
  • postfix.org https://www.postfix.org/smtp-smuggling.html
    ExploitMitigationVendor Advisory
  • youtube.com https://www.youtube.com/watch?v=V8KPV96g1To
    Exploit

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.