CVE-2012-5671 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Exim

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow11 documents9 sources

Severity

6.8MEDIUMNVD

EPSS

35.7%

top 2.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Exim4 Exim

Timeline

PublishedOct 31

Latest updateMay 17

Description

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/exim4< exim4 4.80-5.1 (bookworm)

▶NVDexim/exim9 versions+8

🔴Vulnerability Details

GHSA

GHSA-9mj7-g6p8-v73f: Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim↗2022-05-17

▶

CVEList

CVE-2012-5671: Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim↗2012-10-31

▶

OSV

CVE-2012-5671: Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim↗2012-10-31

▶

VulnCheck

Exim Exim Improper Restriction of Operations within the Bounds of a Memory Buffer↗2012

▶

📋Vendor Advisories

Ubuntu

Exim vulnerability↗2012-10-26

▶

Red Hat

exim: Heap-buffer overflow in DNS decode logic used for DKIM↗2012-10-26

▶

Debian

CVE-2012-5671: exim4 - Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in ...↗2012

▶

💬Community

Bugzilla

CVE-2012-5671 exim: Heap-buffer overflow in DNS decode logic used for DKIM [fedora-all]↗2012-10-26

▶

Bugzilla

CVE-2012-5671 exim: Heap-buffer overflow in DNS decode logic used for DKIM [epel-6]↗2012-10-26

▶

Bugzilla

CVE-2012-5671 exim: Heap-buffer overflow in DNS decode logic used for DKIM↗2012-10-25

▶