Denial of Service Vulnerability in OpenSMTPD by OpenBSD
CVE-2013-2125

Currently unrated

Key Information:

Vendor: OpenBSD
Status: Opensmtpd
Vendor: CVE Published:; 27 May 2014

What is CVE-2013-2125?

OpenSMTPD, an email server developed by OpenBSD, is susceptible to a denial of service condition due to improper handling of SSL sessions. Remote adversaries can exploit this vulnerability by keeping an SSL connection open, effectively blocking new connections to the server. This can lead to service unavailability, as legitimate users may be unable to access email functionalities. Implementing patches and monitoring connection behaviors are essential to mitigate risks associated with this vulnerability.

References

http://seclists.org/oss-sec/2013/q2/362

mailing-listx_refsource_MLIST

http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe2...

x_refsource_CONFIRM

http://secunia.com/advisories/53353

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2014
Vulnerability Reserved
Feb 19, 2013