Openbsd: Security Vulnerabilities
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
CVSS Score
9.8
EPSS Score
0.101
Published
2017-10-16
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-06-19
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
CVSS Score
6.5
EPSS Score
0.188
Published
2017-06-19
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-04-27
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
CVSS Score
9.8
EPSS Score
0.024
Published
2017-04-11
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
CVSS Score
7.5
EPSS Score
0.496
Published
2017-03-27
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-03-07
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-03-07
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-03-07
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
CVSS Score
5.5
EPSS Score
0.0
Published
2017-03-07