Description
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
A flaw was found in Exim. A remote attacker could exploit a heap corruption vulnerability, which is a type of memory error, to potentially cause the system to crash (Denial of Service) or execute unauthorized code. Further details regarding the exploitation method are expected to be released at a later date.
Report
This vulnerability is rated Moderate as it allows a remote attacker to exploit a heap corruption flaw. This could lead to a denial of service or arbitrary code execution. This issue impacts Exim in Community Projects, including EPEL and Fedora.
Additional information
Status:
EPSS
CVSS3: 8.2 High
Related vulnerabilities
Exim before 4.99.1, with certain non-default rate-limit configurations ...
Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18.
A vulnerability in the Exim mail server related to a heap-based buffer overflow, allowing an attacker to cause a denial of service