CVE-2015-7687
CRITICAL
OpenSMTPD < 5.7.2 - Use-After-Free via req_ca_vrfy_smtp and req_ca_vrfy_mta
Title source: llm
Description
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
References (7)
Core References
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76975
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169600.html
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1268793
Mailing List, Third Party Advisory, VDB Entry mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/03/1
Release Notes, Vendor Advisory x_refsource_confirm
https://www.opensmtpd.org/announces/release-5.7.2.txt
Scores
CVSS v3
9.8
EPSS
0.1014
EPSS Percentile
93.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (3)
fedoraproject/fedora
22
fedoraproject/fedora
23
openbsd/opensmtpd
< 5.7.1
Published
Oct 16, 2017
Tracked Since
Feb 18, 2026