CVE-2022-37451

Опубликовано: 06 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

Ссылки

https://cwe.mitre.org/data/definitions/762.html
Third Party Advisory
https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42
Patch
Third Party Advisory
https://github.com/Exim/exim/compare/exim-4.95...exim-4.96
Release Notes
Third Party Advisory
https://github.com/Exim/exim/wiki/EximSecurity
Release Notes
Third Party Advisory
https://github.com/ivd38/exim_invalid_free
Exploit
Patch
Third Party Advisory
https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html
Mailing List
Release Notes
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/
https://www.exim.org/static/doc/security/
Vendor Advisory
https://www.openwall.com/lists/oss-security/2022/08/06/1
Mailing List
Third Party Advisory
https://cwe.mitre.org/data/definitions/762.html
Third Party Advisory
https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42
Patch
Third Party Advisory
https://github.com/Exim/exim/compare/exim-4.95...exim-4.96
Release Notes
Third Party Advisory
https://github.com/Exim/exim/wiki/EximSecurity
Release Notes
Third Party Advisory
https://github.com/ivd38/exim_invalid_free
Exploit
Patch
Third Party Advisory
https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html
Mailing List
Release Notes
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/
https://www.exim.org/static/doc/security/
Vendor Advisory
https://www.openwall.com/lists/oss-security/2022/08/06/1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*

Версия до 4.96 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06068

Низкий

7.5 High

CVSS3

Дефекты

CWE-763

Связанные уязвимости

CVE-2022-37451

CVSS3: 7.5

ubuntu

больше 3 лет назад

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

CVE-2022-37451

CVSS3: 7.5

redhat

больше 3 лет назад

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

CVE-2022-37451

CVSS3: 7.5

debian

больше 3 лет назад

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam ...

GHSA-968g-c3p8-6hvf

CVSS3: 7.5

github

больше 3 лет назад

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

BDU:2022-04830

CVSS3: 9.8

fstec

больше 3 лет назад

Уязвимость функции pam_converse (auths/call_pam.c) почтового сервера Exim, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 91%

0.06068

Низкий

7.5 High

CVSS3

Дефекты

CWE-763