3 matches found
CVE-2020-7247
CVE-2020-7247 affects OpenSMTPD 6.6 (OpenBSD 6.6 and others). The smtp_mailaddr() check in smtp_session.c can pass malformed local-parts with an empty domain, due to an incorrect return value on input validation, enabling remote root code execution via a crafted SMTP session (MAIL FROM) on the de...
CVE-2015-7687
CVE-2015-7687 affects OpenSMTPD before 5.7.2, with a use-after-free in verification paths (req_ca_vrfy_smtp and req_ca_vrfy_mta). Remote attackers can cause denial of service or execute arbitrary code. Remediation: upgrade to OpenSMTPD 5.7.2 or later (per vendor release notes).
CVE-2013-2125
CVE-2013-2125 affects OpenSMTPD before 5.3.2, where SSL session handling allows remote attackers to cause a denial of service by keeping a TLS connection open, leading to connection blocking. The issue is confirmed across multiple sources (OpenSMTPD/OpenVAS listing and CVE-2013-2125 r...