Aggregates CVE and security vulnerability intelligence across all ssmtp-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling and vendor risk denial of service, with potential vendor impact file overwrite across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-3962 | The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message. | [email protected] | 2.6 | 1.98% | 2008-09-11 | 2026-06-16 |
| CVE-2004-0423 | The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file. | [email protected] | 2.1 | 0.30% | 2004-07-07 | 2026-06-16 |
| CVE-2004-0156 | Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code. | [email protected] | 5.0 | 3.50% | 2004-06-01 | 2026-06-16 |