CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0143 (1.4%)
Percentile: 80.7%
EPSS: 2026-05-06
Affects
openbsd:opensmtpdTechnical description
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
Published: 5/27/2014, 2:55:09 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0
- http://osvdb.org/93495
- http://seclists.org/oss-sec/2013/q2/362
- http://seclists.org/oss-sec/2013/q2/366
- http://secunia.com/advisories/53353
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84388
- http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0
- http://osvdb.org/93495