CVE-2019-10149

Опубликовано: 04 июн. 2019

Источник: redhat

CVSS3: 9

Описание

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

A flaw was found in Exim, where improper validation of the recipient address in the deliver_message() function in /src/deliver.c occurred. An attacker could use this flaw to achieve remote command execution.

Отчет

Exim is vulnerable since version 4.87, therefore the version of exim package (exim-4.63) shipped with Red Hat Enterprise Linux 5 is not affected by this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	exim	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-78

https://bugzilla.redhat.com/show_bug.cgi?id=1715237exim: Remote command execution in deliver_message() function in /src/deliver.c

9 Critical

CVSS3

Связанные уязвимости

CVE-2019-10149

CVSS3: 9.8

ubuntu

больше 6 лет назад

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

CVE-2019-10149

CVSS3: 9.8

nvd

больше 6 лет назад

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

CVE-2019-10149

CVSS3: 9.8

debian

больше 6 лет назад

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper v ...

openSUSE-SU-2019:1524-1

suse-cvrf

больше 6 лет назад

Security update exim

GHSA-5r7w-xvrp-rg22

CVSS3: 9.8

github

больше 3 лет назад

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

9 Critical

CVSS3