OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. The issue resides in the Open SMTP’s sender address validation function, called smtp_mailaddr() It can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it. The flaw affects OpenBSD version 6.6.2p1 with a patch and also pushed an update for OpenBSD users.
Source: https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html