How severe is CVE-2023-51764?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-51764?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2023-51764 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

Related Vulnerabilities

CVE-2015-9232

MEDIUM

CVSS:5.3(Medium)

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not...

CWE-3452015

CVE-2017-10862

MEDIUM

CVSS:5.3(Medium)

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.

CWE-3452017

CVE-2018-17938

MEDIUM

CVSS:5.3(Medium)

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.

CWE-3452018

CVE-2019-11737

MEDIUM

CVSS:5.3(Medium)

If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly a...

CWE-3452019

CVE-2019-12620

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is ...

CWE-3452019

CVE-2019-15162

MEDIUM

CVSS:5.3(Medium)

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.

CWE-3452019