{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","type":"deb","namespace":"debian","name":"opensmtpd","version":"6.8.0p2-4","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.3.0p1-1","latest_non_vulnerable_version":"7.8.0p0-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102941?format=json","vulnerability_id":"VCID-67ey-pdwj-yqdr","summary":"An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD.\n\n\n\n\nThis issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62875","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1107","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11042","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11108","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11102","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62875"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62875"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119840","reference_id":"1119840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119840"},{"reference_url":"https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html","reference_id":"opensmtpd-local-DoS.html","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-21T16:28:15Z/"}],"url":"https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875","reference_id":"show_bug.cgi?id=CVE-2025-62875","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-21T16:28:15Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98066?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2025-62875"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67ey-pdwj-yqdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140809?format=json","vulnerability_id":"VCID-97jt-4bsa-kbfz","summary":"ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29323","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19812","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19981","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19986","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29323"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig","reference_id":"020_smtpd.patch.sig","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig","reference_id":"024_smtpd.patch.sig","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034178","reference_id":"1034178","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034178"},{"reference_url":"https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f","reference_id":"41d0eae481f538956b1f1fbadfb535043454061f","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"},{"reference_url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h","reference_id":"envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h"},{"reference_url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h","reference_id":"envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h"},{"reference_url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h","reference_id":"envelope.c.diff?r1=1.50&r2=1.51&f=h","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h"},{"reference_url":"https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae","reference_id":"f748277ed1fc7065ae8998d61ed78b9ab1e55fae","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/","reference_id":"GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230526-0006/","reference_id":"ntap-20230526-0006","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T20:09:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230526-0006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98065?format=json","purl":"pkg:deb/debian/opensmtpd@7.3.0p1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.3.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2023-29323"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97jt-4bsa-kbfz"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208132?format=json","vulnerability_id":"VCID-9x5y-2z82-xkeq","summary":"OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8793","reference_id":"","reference_type":"","scores":[{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74252","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74326","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74339","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74337","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8793"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952453","reference_id":"952453","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952453"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/48139.c","reference_id":"CVE-2020-8793","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/48139.c"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/02/24/4/1","reference_id":"CVE-2020-8793","reference_type":"exploit","scores":[],"url":"https://www.openwall.com/lists/oss-security/2020/02/24/4/1"},{"reference_url":"https://usn.ubuntu.com/4294-1/","reference_id":"USN-4294-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4294-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4875-1/","reference_id":"USN-USN-4875-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4875-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98064?format=json","purl":"pkg:deb/debian/opensmtpd@6.6.4p1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.6.4p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98058?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2020-8793"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9x5y-2z82-xkeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204065?format=json","vulnerability_id":"VCID-dyjg-9j3h-hkgf","summary":"Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7687","reference_id":"","reference_type":"","scores":[{"value":"0.10142","scoring_system":"epss","scoring_elements":"0.93271","published_at":"2026-06-11T12:55:00Z"},{"value":"0.10142","scoring_system":"epss","scoring_elements":"0.93293","published_at":"2026-06-12T12:55:00Z"},{"value":"0.10142","scoring_system":"epss","scoring_elements":"0.93295","published_at":"2026-06-13T12:55:00Z"},{"value":"0.10142","scoring_system":"epss","scoring_elements":"0.93296","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7687"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800787","reference_id":"800787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800787"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98061?format=json","purl":"pkg:deb/debian/opensmtpd@5.7.3p1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@5.7.3p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98058?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-7687"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyjg-9j3h-hkgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179854?format=json","vulnerability_id":"VCID-ebmw-2wfb-67ae","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8794","reference_id":"","reference_type":"","scores":[{"value":"0.88136","scoring_system":"epss","scoring_elements":"0.99507","published_at":"2026-06-11T12:55:00Z"},{"value":"0.88136","scoring_system":"epss","scoring_elements":"0.99509","published_at":"2026-06-13T12:55:00Z"},{"value":"0.88136","scoring_system":"epss","scoring_elements":"0.9951","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8794"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952453","reference_id":"952453","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952453"},{"reference_url":"https://security.archlinux.org/ASA-202002-13","reference_id":"ASA-202002-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202002-13"},{"reference_url":"https://security.archlinux.org/AVG-1105","reference_id":"AVG-1105","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1105"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48185.rb","reference_id":"CVE-2020-8794","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48185.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/openbsd/remote/48140.c","reference_id":"CVE-2020-8794","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/openbsd/remote/48140.c"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/local/opensmtpd_oob_read_lpe.rb","reference_id":"CVE-2020-8794","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/local/opensmtpd_oob_read_lpe.rb"},{"reference_url":"https://www.qualys.com/2020/02/24/cve-2020-8794/lpe-rce-opensmtpd-default-install-exploit.c","reference_id":"CVE-2020-8794","reference_type":"exploit","scores":[],"url":"https://www.qualys.com/2020/02/24/cve-2020-8794/lpe-rce-opensmtpd-default-install-exploit.c"},{"reference_url":"https://usn.ubuntu.com/4294-1/","reference_id":"USN-4294-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4294-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4875-1/","reference_id":"USN-USN-4875-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4875-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98064?format=json","purl":"pkg:deb/debian/opensmtpd@6.6.4p1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.6.4p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98058?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2020-8794"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebmw-2wfb-67ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183399?format=json","vulnerability_id":"VCID-fa3t-c82f-uydg","summary":"Multiple vulnerabilities have been found in OpenSMTPD, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35679","reference_id":"","reference_type":"","scores":[{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85302","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85354","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85363","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85355","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35679"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978038","reference_id":"978038","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978038"},{"reference_url":"https://security.archlinux.org/ASA-202101-18","reference_id":"ASA-202101-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-18"},{"reference_url":"https://security.archlinux.org/AVG-1381","reference_id":"AVG-1381","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1381"},{"reference_url":"https://security.gentoo.org/glsa/202105-12","reference_id":"GLSA-202105-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98062?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98058?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35679"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fa3t-c82f-uydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202796?format=json","vulnerability_id":"VCID-ss62-qvz1-3qau","summary":"OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2125","reference_id":"","reference_type":"","scores":[{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.81063","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.81123","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.81131","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.81121","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98057?format=json","purl":"pkg:deb/debian/opensmtpd@5.3.3p1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@5.3.3p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98058?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss62-qvz1-3qau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183400?format=json","vulnerability_id":"VCID-thgt-7k4x-xqam","summary":"Multiple vulnerabilities have been found in OpenSMTPD, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35680","reference_id":"","reference_type":"","scores":[{"value":"0.05798","scoring_system":"epss","scoring_elements":"0.90712","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05798","scoring_system":"epss","scoring_elements":"0.90742","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05798","scoring_system":"epss","scoring_elements":"0.9075","published_at":"2026-06-13T12:55:00Z"},{"value":"0.05798","scoring_system":"epss","scoring_elements":"0.90749","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35680"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978039","reference_id":"978039","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978039"},{"reference_url":"https://security.archlinux.org/ASA-202101-18","reference_id":"ASA-202101-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-18"},{"reference_url":"https://security.archlinux.org/AVG-1381","reference_id":"AVG-1381","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1381"},{"reference_url":"https://security.gentoo.org/glsa/202105-12","reference_id":"GLSA-202105-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98062?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98058?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35680"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thgt-7k4x-xqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153193?format=json","vulnerability_id":"VCID-wd2t-k79h-r7et","summary":"smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7247","reference_id":"","reference_type":"","scores":[{"value":"0.94108","scoring_system":"epss","scoring_elements":"0.99914","published_at":"2026-06-14T12:55:00Z"},{"value":"0.94108","scoring_system":"epss","scoring_elements":"0.99913","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7247"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/28/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2020/01/28/3"},{"reference_url":"https://www.kb.cert.org/vuls/id/390745","reference_id":"390745","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"https://www.kb.cert.org/vuls/id/390745"},{"reference_url":"https://usn.ubuntu.com/4268-1/","reference_id":"4268-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"https://usn.ubuntu.com/4268-1/"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Jan/49","reference_id":"49","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"http://seclists.org/fulldisclosure/2020/Jan/49"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/51","reference_id":"51","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"https://seclists.org/bugtraq/2020/Jan/51"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950121","reference_id":"950121","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950121"},{"reference_url":"https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45","reference_id":"9dcfda045474d8903224d175907bfc29761dcb45","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45"},{"reference_url":"https://security.archlinux.org/ASA-202001-6","reference_id":"ASA-202001-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202001-6"},{"reference_url":"https://security.archlinux.org/AVG-1090","reference_id":"AVG-1090","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1090"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/47984.py","reference_id":"CVE-2020-7247","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/47984.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/48038.rb","reference_id":"CVE-2020-7247","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/48038.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/openbsd/remote/48051.pl","reference_id":"CVE-2020-7247","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/openbsd/remote/48051.pl"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/smtp/opensmtpd_mail_from_rce.rb","reference_id":"CVE-2020-7247","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/smtp/opensmtpd_mail_from_rce.rb"},{"reference_url":"https://www.debian.org/security/2020/dsa-4611","reference_id":"dsa-4611","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"https://www.debian.org/security/2020/dsa-4611"},{"reference_url":"http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html","reference_id":"OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html","reference_id":"OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html","reference_id":"OpenSMTPD-6.6.1-Local-Privilege-Escalation.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html"},{"reference_url":"http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html","reference_id":"OpenSMTPD-6.6.2-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html","reference_id":"OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/","reference_id":"OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"},{"reference_url":"https://www.openbsd.org/security.html","reference_id":"security.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:20:39Z/"}],"url":"https://www.openbsd.org/security.html"},{"reference_url":"https://usn.ubuntu.com/USN-4875-1/","reference_id":"USN-USN-4875-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4875-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98063?format=json","purl":"pkg:deb/debian/opensmtpd@6.6.2p1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.6.2p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98058?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98056?format=json","purl":"pkg:deb/debian/opensmtpd@6.8.0p2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"},{"vulnerability":"VCID-97jt-4bsa-kbfz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/opensmtpd@7.6.0p1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67ey-pdwj-yqdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.6.0p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/opensmtpd@7.8.0p0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@7.8.0p0-2%3Fdistro=trixie"}],"aliases":["CVE-2020-7247"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd2t-k79h-r7et"}],"risk_score":"2.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensmtpd@6.8.0p2-4%3Fdistro=trixie"}