CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2015-7687
https://notcve.org/view.php?id=CVE-2015-7687
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. Uso de memoria previamente liberada en OpenSMTPD en versiones anteriores a la 5.7.2 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado) o que ejecuten código arbitrario mediante vectores relacionados con req_ca_vrfy_smtp y req_ca_vrfy_mta. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169600.html http://www.openwall.com/lists/oss-security/2015/10/03/1 http://www.securityfocus.com/bid/76975 https://bugzilla.redhat.com/show_bug.cgi?id=1268793 https://www.opensmtpd.org/announces/release-5.7.2.txt https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2013-2125
https://notcve.org/view.php?id=CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. OpenSMTPD anterior a 5.3.2 no maneja debidamente sesiones SSL, lo que permite a atacantes remotos causar una denegación de servicio (bloqueo de conexión) mediante una conexión que se mantiene abierta. • http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0 http://osvdb.org/93495 http://seclists.org/oss-sec/2013/q2/362 http://seclists.org/oss-sec/2013/q2/366 http://secunia.com/advisories/53353 https://exchange.xforce.ibmcloud.com/vulnerabilities/84388 • CWE-310: Cryptographic Issues •