CVE-2022-37452Out-of-bounds Write in Exim

CWE-787Out-of-bounds Write6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
4.7%
top 10.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
EximDebian Linux
Timeline
PublishedAug 7
Latest updateAug 22

Description

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDexim/exim< 4.95

Also affects: Debian Linux 10.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-2xwx-3gmg-f9vj: Exim before 42022-08-08
OSV
CVE-2022-37452: Exim before 42022-08-07
CVEList
CVE-2022-37452: Exim before 42022-08-07

📋Vendor Advisories

2
Ubuntu
Exim vulnerability2022-08-22
Debian
CVE-2022-37452: exim4 - Exim before 4.95 has a heap-based buffer overflow for the alias list in host_nam...2022