CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-7687

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1480%
EPSS Percentile32.63th
Published2017年10月16日
Last Modified2026年5月13日

Vulnerability Description

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

Affected Platforms (CPE)

📦
Openbsd

Opensmtpd

<= 5.7.1
💻
Fedoraproject

Fedora

= 22
💻
Fedoraproject

Fedora

= 23

References & Advisories

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169600.html
🔗 http://www.openwall.com/lists/oss-security/2015/10/03/1
🔗 http://www.securityfocus.com/bid/76975
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1268793
🔗 https://www.opensmtpd.org/announces/release-5.7.2.txt
🔗 https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html

関連する脆弱性情報

CVE-2020-72479.8

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute ar...

CVE-2020-87949.8

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line rep...

CVE-2020-356807.5

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (N...

CVE-2020-356797.5

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" mem...