opensmtpd CVE Vulnerabilities & Metrics

Focus on opensmtpd vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About opensmtpd Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with opensmtpd. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total opensmtpd CVEs: 6
Earliest CVE date: 25 Feb 2020, 17:15 UTC
Latest CVE date: 20 Nov 2025, 16:16 UTC

Latest CVE reference: CVE-2025-62875

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 4.12

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 3
7.0-8.9 0
9.0-10.0 1

Top 5 Highest CVSS opensmtpd CVEs

These are the five CVEs with the highest CVSS scores for opensmtpd, sorted first by severity and then by recency.

All CVEs for opensmtpd

CVE-2025-62875 opensmtpd vulnerability CVSS: 0 20 Nov 2025, 16:16 UTC

An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.

CVE-2023-29323 opensmtpd vulnerability CVSS: 0 04 Apr 2023, 23:15 UTC

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.

CVE-2020-35680 opensmtpd vulnerability CVSS: 5.0 24 Dec 2020, 16:15 UTC

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

CVE-2020-35679 opensmtpd vulnerability CVSS: 5.0 24 Dec 2020, 16:15 UTC

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

CVE-2020-8794 opensmtpd vulnerability CVSS: 10.0 25 Feb 2020, 17:15 UTC

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

CVE-2020-8793 opensmtpd vulnerability CVSS: 4.7 25 Feb 2020, 17:15 UTC

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.