OpenBSD Makers of OpenBSD operating system, LibreSSL and OpenSSH
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any OpenBSD product.
RSS Feeds for OpenBSD security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in OpenBSD products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by OpenBSD Sorted by Most Security Vulnerabilities since 2018
Known Exploited OpenBSD Vulnerabilities
The following OpenBSD vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
OpenSMTPD Remote Code Execution Vulnerability |
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. CVE-2020-7247 Exploit Probability: 94.1% |
March 25, 2022 |
The vulnerability CVE-2020-7247: OpenSMTPD Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 3 vulnerabilities in OpenBSD with an average score of 5.5 out of ten. Last year, in 2024 OpenBSD had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in OpenBSD in 2025 could surpass last years number. Last year, the average CVE base score was greater by 2.60
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 3 | 5.50 |
2024 | 4 | 8.10 |
2023 | 13 | 7.44 |
2022 | 3 | 6.23 |
2021 | 6 | 6.28 |
2020 | 5 | 8.16 |
2019 | 12 | 7.38 |
2018 | 6 | 5.95 |
It may take a day or so for new OpenBSD vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenBSD Security Vulnerabilities
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating
CVE-2025-32728
3.8 - Low
- April 10, 2025
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
A flaw was found in the OpenSSH package
CVE-2025-26466
5.9 - Medium
- February 28, 2025
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Allocation of Resources Without Limits or Throttling
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled
CVE-2025-26465
6.8 - Medium
- February 18, 2025
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Detection of Error Condition Without Action
OpenBSD VMM GDTR Limits Restoration Vulnerability on Intel CPUs
CVE-2024-11149
- December 06, 2024
In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs.
OpenBSD NFS Client and Server Double Free and Uninitialized Variable Vulnerabilities
CVE-2024-10934
- November 15, 2024
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
OpenSSH Race Condition leading to RCE, known as regreSSHion
CVE-2024-6387
8.1 - High
- July 01, 2024
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Race Condition
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug
CVE-2024-29937
- April 11, 2024
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
OpenSSH through 9.6, when common types of DRAM are used, might
CVE-2023-51767
7 - High
- December 24, 2023
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
In ssh in OpenSSH before 9.6
CVE-2023-51385
6.5 - Medium
- December 18, 2023
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Shell injection
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied
CVE-2023-51384
5.5 - Medium
- December 18, 2023
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.