CVE-2015-7687Use After Free in Opensmtpd

CWE-416Use After Free8 documents6 sources
Severity
9.8CRITICALNVD
EPSS
10.1%
top 6.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
OpensmtpdOpenbsd OpensmtpdFedoraproject Fedora
Timeline
PublishedOct 16
Latest updateMay 17

Description

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Debianopensmtpd/opensmtpd< 5.7.3p1-1+3

Also affects: Fedora 22, 23

🔴Vulnerability Details

3
GHSA
GHSA-hmqq-mf9r-frq9: Use-after-free vulnerability in OpenSMTPD before 52022-05-17
CVEList
CVE-2015-7687: Use-after-free vulnerability in OpenSMTPD before 52017-10-16
OSV
CVE-2015-7687: Use-after-free vulnerability in OpenSMTPD before 52017-10-16

📋Vendor Advisories

1
Debian
CVE-2015-7687: opensmtpd - Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers t...2015

💬Community

3
Bugzilla
CVE-2015-7687 OpenSMTPD: multiple vulnerabilities fixed in 5.7.22015-10-05
Bugzilla
CVE-2015-7687 OpenSMTPD: multiple vulnerabilities fixed in 5.7.2 [fedora-all]2015-10-05
Bugzilla
CVE-2015-7687 OpenSMTPD: multiple vulnerabilities fixed in 5.7.2 [epel-all]2015-10-05