cbcvebase.
CVE-2005-0022
published 2005-05-02

CVE-2005-0022: Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function…

PriorityP422medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.72%
49.3th percentile
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

Affected

4 ranges
VendorProductVersion rangeFixed in
debianexim4< exim4 4.34-10 (bookworm)exim4 4.34-10 (bookworm)
university_of_cambridgeexim<= 4.40
university_of_cambridgeexim
university_of_cambridgeexim

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
vendor_redhat4.6MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.