CVE-2005-0022
Published 2005-05-02
Priority: P422 · medium · CVSS 2.0: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.72% (49.3th percentile)
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.34-10 (bookworm) | exim4 4.34-10 (bookworm) |
| university_of_cambridge | exim | <= 4.40 | — |
| university_of_cambridge | exim | — | — |
| university_of_cambridge | exim | — | — |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 MEDIUM
vendor_debian · 4.6 MEDIUM
vendor_redhat · 4.6 MEDIUM
Ubuntu
exim4 vulnerabilities
vendor_ubuntu·2005-01-07
A flaw has been found in the host_aton() function, which can overflow
a buffer if it is presented with an illegal IPv6 address that has more
than 8 components. When supplying certain command line parameters, the
input was not checked, so that a local attacker could possibly exploit
the buffer overflow to run arbitrary code with the privileges of the
Exim mail server. (CAN-2005-0021)
Additionally, the BASE64 decoder in the SPA authentication handler did
not check the size of its output buffer. By sending an invalid BASE64
authentication string, a remote attacker could overflow the buffer,
which could possibly be exploited to run arbitrary code with the
privileges of the Exim mail server. (CAN-2005-0022)
Instructions: In general
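The missing output-size check described in the advisory above, shown as an added example that is not Exim's or Samba's code: a base64 decoder that takes the capacity of the caller's buffer and refuses to write past it. The function name `b64_decode_bounded` and the sample strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Hypothetical helper: decode base64 text into out[0..outcap).
 * Returns the number of bytes written, or -1 if the input contains a
 * character outside the alphabet or the decoded data would not fit.
 * Decoding stops at the first '=' padding character. */
long b64_decode_bounded(const char *in, unsigned char *out, size_t outcap)
{
    size_t n = 0;          /* bytes written so far */
    unsigned int acc = 0;  /* bit accumulator */
    int bits = 0;          /* number of valid bits held in acc */

    for (; *in != '\0' && *in != '='; in++) {
        const char *p = strchr(B64, *in);
        if (p == NULL)
            return -1;     /* malformed input */
        acc = (acc << 6) | (unsigned int)(p - B64);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            /* The check the advisory reports as absent: without it, the
             * length of the supplied string, not the size of out[],
             * decides where the next byte is stored. */
            if (n >= outcap)
                return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

int main(void)
{
    unsigned char buf[8];
    /* Constructed inputs: the first decodes to 5 bytes, the second to 12. */
    printf("fits:      %ld\n", b64_decode_bounded("aGVsbG8=", buf, sizeof buf));
    printf("oversized: %ld\n",
           b64_decode_bounded("QUFBQUFBQUFBQUFB", buf, sizeof buf));
    return 0;
}
```
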
Red Hat
security flaw
vendor_redhat·2005-01-04·CVSS 4.6
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
Debian
CVE-2005-0022: exim4 - Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as origi...
vendor_debian·2005·CVSS 4.6
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
Scope: local
bookworm: resolved (fixed in 4.34-10)
bullseye: resolved (fixed in 4.34-10)
forky: resolved (fixed in 4.34-10)
sid: resolved (fixed in 4.34-10)
trixie: resolved (fixed in 4.34-10)
GHSA
GHSA-gfq6-mjrf-7jp5: Buffer overflow in the spa_base64_to_bits function in Exim before 4
ghsa_unreviewed·2022-05-01
CVE-2005-0022 [MEDIUM] GHSA-gfq6-mjrf-7jp5: Buffer overflow in the spa_base64_to_bits function in Exim before 4
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
OSV
CVE-2005-0022: Buffer overflow in the spa_base64_to_bits function in Exim before 4
osv·2005-05-02·CVSS 4.6
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
No detection rules found.
No public exploits indexed.
http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44
http://marc.info/?l=bugtraq&m=110824870908614&w=2
http://security.gentoo.org/glsa/glsa-200501-23.xml
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities
http://www.redhat.com/support/errata/RHSA-2005-025.html
http://www.securityfocus.com/bid/12188
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11293