CVE-2017-1000369
published 2017-06-19

Priority: P4, 18, medium, 4 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.53% (40.7th percentile)

Exim supports the use of multiple "-p" command-line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects Exim version 4.89 and earlier. Upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known at this time whether a new point release that addresses this issue is available.

Affected

6 ranges
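| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | exim4 | < exim4 4.89-3 (bookworm) | exim4 4.89-3 (bookworm) |
| exim | exim | <= 4.87.1 | |
| exim | exim | | |
| exim | exim | | |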

CVSS provenance

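| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
| osv | | 4.0 | MEDIUM | |
| vendor_debian | | 4.0 | MEDIUM | |
| vendor_redhat | | 4.0 | MEDIUM | |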