Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0399 — Improper Restriction of Operations within the Bounds of a Memory Buffer in OF Cambridge Exim

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

42.1%

top 2.55%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Exim4 University OF Cambridge Exim

Timeline

PublishedJul 7

Latest updateApr 29

Description

Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/exim4< exim4 4.33-1 (bookworm)

▶NVDuniversity_of_cambridge/exim3.35

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗Patch: www.guninski.com ↗

🔴Vulnerability Details

GHSA

GHSA-rf64-vpcw-m8c6: Stack-based buffer overflow in Exim 3↗2022-04-29

▶

OSV

CVE-2004-0399: Stack-based buffer overflow in Exim 3↗2004-07-07

▶

💥Exploits & PoCs

Exploit-DB

Exim Sender 3.35 - Verification Remote Stack Buffer Overrun↗2004-05-06

▶

📋Vendor Advisories

Debian

CVE-2004-0399: exim4 - Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the ...↗2004

▶