cbcvebase.
CVE-2014-2972
published 2014-09-04

CVE-2014-2972: expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted…

PriorityP430medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.49%
38.3th percentile
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

Affected

53 ranges· showing 25
VendorProductVersion rangeFixed in
debianexim4< exim4 4.82.1-2 (bookworm)exim4 4.82.1-2 (bookworm)
eximexim<= 4.82.1
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim
eximexim

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6LOW
vendor_redhat4.6MEDIUM
vendor_ubuntu4.6MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.