Lookup for vulnerable packages by Package URL.
| Purl | pkg:deb/debian/ssmtp@2.64-12?distro=trixie |
|---|
| Type | deb |
|---|
| Namespace | debian |
|---|
| Name | ssmtp |
|---|
| Version | 2.64-12 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 2.66-1 |
|---|
| Latest_non_vulnerable_version | 2.66-1 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-7t84-1e81-v3dx |
| vulnerability_id |
VCID-7t84-1e81-v3dx |
| summary |
The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3962 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70083 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70124 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70133 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70114 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70102 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00608 |
| scoring_system |
epss |
| scoring_elements |
0.70125 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3962 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3962
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7t84-1e81-v3dx |
|
| 1 |
| url |
VCID-anb9-qc28-ebc8 |
| vulnerability_id |
VCID-anb9-qc28-ebc8 |
| summary |
Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0156 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0165 |
| scoring_system |
epss |
| scoring_elements |
0.82347 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0165 |
| scoring_system |
epss |
| scoring_elements |
0.82376 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0165 |
| scoring_system |
epss |
| scoring_elements |
0.82374 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.0165 |
| scoring_system |
epss |
| scoring_elements |
0.82367 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.0165 |
| scoring_system |
epss |
| scoring_elements |
0.82382 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0156 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2004-0156
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-anb9-qc28-ebc8 |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:deb/debian/ssmtp@2.64-12%3Fdistro=trixie |
|---|