CVE-2003-0743 — Improper Restriction of Operations within the Bounds of a Memory Buffer in OF Cambridge Exim

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

7.0%

top 8.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

University OF Cambridge Exim

Timeline

PublishedOct 20

Latest updateApr 29

Description

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDuniversity_of_cambridge/exim25 versions+24

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-gjpp-m73q-mp4j: Heap-based buffer overflow in smtp_in↗2022-04-29

▶