CVE-2020-28017
Published: 2021-05-06
Priority: P2 64 · CVSS 3.1: 9.8 (critical) · vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 36.07% (98.3rd percentile)
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.94.2-1 (bookworm) | exim4 4.94.2-1 (bookworm) |
| exim | exim | < 4.94.1 | 4.94.1 |
Detection & IOCs (extracted from sources)
- CVE-2020-28017 affects all Exim versions before 4.94.2; the vulnerable function is receive_add_recipient, triggered by an email message with an extremely large number of recipients (fifty million), causing an integer overflow leading to buffer overflow.
- CVE-2020-28017 affects all Exim versions going back to 2004 (the beginning of its Git history); any Exim instance older than 4.94.2 should be considered vulnerable.
- Use asset inventory queries to identify exposed Exim servers for prioritized patching and detection coverage.
- Remote exploitation of CVE-2020-28017 is considered difficult due to the resource consumption required to send fifty million recipients in a single email message.
- The Debian security tracker scopes this vulnerability as 'local', further reinforcing that practical remote exploitation is constrained.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
GHSA
GHSA-3g7c-3hhg-325m (ghsa_unreviewed · 2022-05-24 · CVE-2020-28017 [CRITICAL] · CWE-190)
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
OSV
CVE-2020-28017 (osv · 2021-05-06 · CVSS 9.8 · CRITICAL)
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
Ubuntu
Exim vulnerabilities (vendor_ubuntu · 2021-05-06 · CVSS 9.8 · CVE-2020-28011 [CRITICAL])
Title: Exim vulnerabilities
Summary: Several security issues were fixed in Exim.
USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2020-28026 only affected Ubuntu 16.04 ESM.
Original advisory details: It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Exim vulnerabilities (vendor_ubuntu · 2021-05-04 · CVE-2020-28022)
Title: Exim vulnerabilities
Summary: Several security issues were fixed in Exim.
It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-28017: exim4 (vendor_debian · 2020 · CVSS 9.8 · CRITICAL)
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
Scope: local
- bookworm: resolved (fixed in 4.94.2-1)
- bullseye: resolved (fixed in 4.94.2-1)
- forky: resolved (fixed in 4.94.2-1)
- sid: resolved (fixed in 4.94.2-1)
- trixie: resolved (fixed in 4.94.2-1)
No detection rules found.
No public exploits indexed.
Qualys
21Nails: Multiple Critical Vulnerabilities in Exim Mail Server (blogs_qualys · 2021-05-04)
## Table of Contents
- About Exim
- Exim Vulnerabilities
- Proof of Concept
- Vulnerability Summary
- Technical Details
- Qualys Coverage
- Discover Vulnerable Exim Servers Using Qualys VMDR
- Dashboard
- Free 30-Day VMDR Service
- Disclosure Timeline
- Vendor References
- Frequently Asked Questions (FAQs)
Update May 7, 2021: Exim has released a security update to address multiple vulnerabilities in Exim versions prior to 4.94.2. See the CISA announcement.
Original Post: The Qualys Research Team has discovered multiple critical vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Qualys recommends that security teams apply patches for these vulnerabilities as soon as possible.