Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-4344

Опубликовано: 14 дек. 2010
Источник: nvd
CVSS3: 9.8
CVSS2: 9.3
EPSS Средний

Описание

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
Версия до 4.70 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.57471
Средний

9.8 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2010-4344

CVSS3: 9.8
ubuntu
больше 14 лет назад

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

redhat логотип

CVE-2010-4344

redhat
больше 14 лет назад

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

debian логотип

CVE-2010-4344

CVSS3: 9.8
debian
больше 14 лет назад

Heap-based buffer overflow in the string_vformat function in string.c ...

github логотип

GHSA-mvgg-qcrq-7wr8

github
около 3 лет назад

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

oracle-oval логотип

ELSA-2010-0970

oracle-oval
больше 14 лет назад

ELSA-2010-0970: exim security update (CRITICAL)

EPSS

Процентиль: 98%
0.57471
Средний

9.8 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787
CWE-787