{"id":"CVE-2015-7687","details":"Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.","modified":"2026-04-10T03:45:27.509337Z","published":"2017-10-16T18:29:00Z","references":[{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169600.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2015/10/03/1"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/76975"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268793"},{"type":"ADVISORY","url":"https://www.opensmtpd.org/announces/release-5.7.2.txt"},{"type":"ADVISORY","url":"https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2015/10/03/1"},{"type":"ARTICLE","url":"https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt"},{"type":"EVIDENCE","url":"https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268793"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}