CVE-2017-16943 — Use After Free in Exim

CWE-416 — Use After Free12 documents9 sources

Severity

9.8CRITICALNVD

EPSS

76.9%

top 1.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Exim4 Debian Linux Exim

Timeline

PublishedNov 25

Latest updateMay 13

Description

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/exim4< exim4 4.89-12 (bookworm)

▶NVDexim/exim4.88, 4.89+1

Also affects: Debian Linux 9.0

Patches

Patch: git.exim.org ↗Patch: git.exim.org ↗Patch: git.exim.org ↗

🔴Vulnerability Details

GHSA

GHSA-6pmg-h497-cq5q: The receive_msg function in receive↗2022-05-13

▶

OSV

CVE-2017-16943: The receive_msg function in receive↗2017-11-25

▶

CVEList

CVE-2017-16943: The receive_msg function in receive↗2017-11-25

▶

📋Vendor Advisories

Ubuntu

Exim vulnerability↗2017-11-27

▶

Red Hat

exim: use-after-free in receive_msg function via vectors involving BDAT commands↗2017-11-23

▶

Debian

CVE-2017-16943: exim4 - The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 a...↗2017

▶

💬Community

HackerOne

Exim use-after-free vulnerability while reading mail header involving BDAT commands↗2019-11-12

▶

HackerOne

Exim handles BDAT data incorrectly and leads to crash/hang↗2019-11-12

▶

Bugzilla

CVE-2017-16943 CVE-2017-16944 exim: various flaws [epel-all]↗2017-11-27

▶

Bugzilla

CVE-2017-16943 exim: use-after-free in receive_msg function via vectors involving BDAT commands↗2017-11-27

▶

Bugzilla

CVE-2017-16943 CVE-2017-16944 exim: various flaws [fedora-all]↗2017-11-27

▶