CVE-2020-28016Out-of-bounds Write in Exim

CWE-787Out-of-bounds Write7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 64.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
EximDebian Exim4
Timeline
PublishedMay 6
Latest updateMay 24

Description

Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDexim/exim4.004.94.2
debiandebian/exim4< exim4 4.94.2-1 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-ggp5-gp7q-6r3v: Exim 4 before 42022-05-24
OSV
CVE-2020-28016: Exim 4 before 42021-05-06

📋Vendor Advisories

3
Ubuntu
Exim vulnerabilities2021-05-06
Ubuntu
Exim vulnerabilities2021-05-04
Debian
CVE-2020-28016: exim4 - Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is...2020

🕵️Threat Intelligence

1
Qualys
21Nails: Multiple Critical Vulnerabilities in Exim Mail Server2021-05-04