Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. The bug is present on many Unix-based systems, including Linux (Alpine, Arch, Debian, Fedora, CentOS). Researchers at Qualys published a technical report, noting that the issue is an out-of-bounds read introduced in December 2015 with commit 80c6a60c. The PoC created by Qualys has been tested successfully on the current OpenBSD 6.6, OpenBSD 5.9, Debian 10.9, Fedora 11 and Fedora 31.
Source: https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

