CVE-2013-2125 — Opensmtpd vulnerability

CWE-3105 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensmtpd Openbsd Opensmtpd

Timeline

PublishedMay 27

Latest updateMay 17

Description

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianopensmtpd/opensmtpd< 5.3.3p1-1+3

▶NVDopenbsd/opensmtpd5.3.1

Patches

Patch: git.zx2c4.com ↗Patch: git.zx2c4.com ↗

🔴Vulnerability Details

GHSA

GHSA-63q3-5f3r-v5j4: OpenSMTPD before 5↗2022-05-17

▶

OSV

CVE-2013-2125: OpenSMTPD before 5↗2014-05-27

▶

CVEList

CVE-2013-2125: OpenSMTPD before 5↗2014-05-27

▶

📋Vendor Advisories

Debian

CVE-2013-2125: opensmtpd - OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remot...↗2013

▶