Description
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Release | Status | Note |
---|---|---|
dapper | released | 4.60-3ubuntu3.2 |
devel | not-affected | 4.72-2ubuntu1 |
hardy | released | 4.69-2ubuntu0.2 |
karmic | released | 4.69-11ubuntu4.1 |
lucid | not-affected | 4.71-3ubuntu1 |
maverick | not-affected | 4.72-1ubuntu1 |
upstream | released | 4.70 |
CVSS2: 9.3 Critical
CVSS3: 9.8 Critical