CVE-2013-2125

Published: May 27, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.

Affected (1)

Products: Openbsd: Opensmtpd

Openbsd

1 product

Opensmtpd

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openbsd Opensmtpd	Up to 5.3.1

Related CWEs

CWE-310

References (12)

http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0

Source: secalert@redhat.com

ExploitPatch

http://osvdb.org/93495

Source: secalert@redhat.com

http://seclists.org/oss-sec/2013/q2/362

Source: secalert@redhat.com

Exploit

http://seclists.org/oss-sec/2013/q2/366

Source: secalert@redhat.com

http://secunia.com/advisories/53353

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/84388

Source: secalert@redhat.com

http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0