Opensmtpd
CVE-2013-2125
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
AnalysisAI
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-310. OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. Affected products include: Openbsd Opensmtpd. Version information: before 5.3.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or e
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combi
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very signif
An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today