Every CVE whose affected-product data names Opensmtpd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-8794 — CVSS 9.8 (critical): OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies…
CVE-2023-29323 — CVSS 7.8 (high): ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable…
CVE-2020-35679 — CVSS 7.5 (high): smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak…
CVE-2020-35680 — CVSS 7.5 (high): smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL…
CVE-2025-62875 — CVSS 5.5 (medium): An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue…
CVE-2020-8793 — CVSS 4.7 (medium): OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an…