CVE-2025-62875
Public on 2025-11-03
Modified on 2025-11-03
Description
Denial-of-Service via UNIX Domain Socket
NOTE: https://www.openwall.com/lists/oss-security/2025/10/31/3
NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510 (7.8.0p0)
NOTE: 270e23a6eb upstream (7.7.0p0) made major changes to the message parsing code
NOTE: including the call to fatal(), but it is not excluded that earlier versions
NOTE: are affected by (a variant of this issue) as well.
DEBIANBUG: [1119840]
NOTE: https://www.openwall.com/lists/oss-security/2025/10/31/3
NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510 (7.8.0p0)
NOTE: 270e23a6eb upstream (7.7.0p0) made major changes to the message parsing code
NOTE: including the call to fatal(), but it is not excluded that earlier versions
NOTE: are affected by (a variant of this issue) as well.
DEBIANBUG: [1119840]
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | opensmtpd | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |