Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2023-1662
HistoryJan 18, 2023 - 8:56 p.m.

Important: exim

2023-01-1820:56:00
alas.aws.amazon.com
15
exim
use after free
patch
cve-2022-3559
vulnerability
new packages

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.007 Low

EPSS

Percentile

80.3%

JSON

Issue Overview:

A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. (CVE-2022-3559)

Affected Packages:

exim

Issue Correction:
Run yum update exim to update your system.

New Packages:

i686:  
    exim-greylist-4.92-1.34.amzn1.i686  
    exim-debuginfo-4.92-1.34.amzn1.i686  
    exim-pgsql-4.92-1.34.amzn1.i686  
    exim-mysql-4.92-1.34.amzn1.i686  
    exim-mon-4.92-1.34.amzn1.i686  
    exim-4.92-1.34.amzn1.i686  
  
src:  
    exim-4.92-1.34.amzn1.src  
  
x86_64:  
    exim-mon-4.92-1.34.amzn1.x86_64  
    exim-pgsql-4.92-1.34.amzn1.x86_64  
    exim-mysql-4.92-1.34.amzn1.x86_64  
    exim-greylist-4.92-1.34.amzn1.x86_64  
    exim-4.92-1.34.amzn1.x86_64  
    exim-debuginfo-4.92-1.34.amzn1.x86_64

Additional References

Red Hat: CVE-2022-3559

Mitre: CVE-2022-3559

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686exim-greylist< 4.92-1.34.amzn1exim-greylist-4.92-1.34.amzn1.i686.rpm
Amazon Linux1i686exim-debuginfo< 4.92-1.34.amzn1exim-debuginfo-4.92-1.34.amzn1.i686.rpm
Amazon Linux1i686exim-pgsql< 4.92-1.34.amzn1exim-pgsql-4.92-1.34.amzn1.i686.rpm
Amazon Linux1i686exim-mysql< 4.92-1.34.amzn1exim-mysql-4.92-1.34.amzn1.i686.rpm
Amazon Linux1i686exim-mon< 4.92-1.34.amzn1exim-mon-4.92-1.34.amzn1.i686.rpm
Amazon Linux1i686exim< 4.92-1.34.amzn1exim-4.92-1.34.amzn1.i686.rpm
Amazon Linux1x86_64exim-mon< 4.92-1.34.amzn1exim-mon-4.92-1.34.amzn1.x86_64.rpm
Amazon Linux1x86_64exim-pgsql< 4.92-1.34.amzn1exim-pgsql-4.92-1.34.amzn1.x86_64.rpm
Amazon Linux1x86_64exim-mysql< 4.92-1.34.amzn1exim-mysql-4.92-1.34.amzn1.x86_64.rpm
Amazon Linux1x86_64exim-greylist< 4.92-1.34.amzn1exim-greylist-4.92-1.34.amzn1.x86_64.rpm
Rows per page:
1-10 of 121

Related

nessus 7
cve 1
suse 2
veracode 1
nvd 1
cvelist 1
prion 1
cloudlinux 1
osv 1
fedora 3
ubuntucve 1
openvas 4
ubuntu 1
debiancve 1
redos 1
nessus
nessus
Amazon Linux AMI : exim (ALAS-2023-1662)
2023-01-24 00:00:00
Fedora 35 : exim (2022-ebb3db782c)
2022-12-22 00:00:00
Fedora 36 : exim (2022-6125582f45)
2022-12-23 00:00:00
cve
cve
CVE-2022-3559
2022-10-17 18:15:12
suse
suse
Security update for exim (important)
2022-11-09 00:00:00
Security update for exim (important)
2022-10-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-11-16 23:58:58
nvd
nvd
CVE-2022-3559
2022-10-17 18:15:12
cvelist
cvelist
CVE-2022-3559 Exim Regex use after free
2022-10-17 00:00:00
prion
prion
Design/Logic Flaw
2022-10-17 18:15:00
cloudlinux
cloudlinux
exim: Fix of CVE-2022-3559
2023-11-13 20:42:23
osv
osv
exim4 vulnerability
2022-11-24 14:02:15
fedora
fedora
[SECURITY] Fedora 36 Update: exim-4.96-4.fc36
2022-10-28 11:16:14
[SECURITY] Fedora 35 Update: exim-4.96-4.fc35
2022-10-28 11:45:46
[SECURITY] Fedora 37 Update: exim-4.96-5.fc37
2022-11-10 22:57:16
ubuntucve
ubuntucve
CVE-2022-3559
2022-10-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5741-1)
2022-11-25 00:00:00
Exim 4.87 - 4.96 Use After Free Vulnerability
2022-10-19 00:00:00
Fedora: Security Advisory for exim (FEDORA-2022-90e08c08e6)
2022-11-11 00:00:00
ubuntu
ubuntu
Exim vulnerability
2022-11-24 00:00:00
debiancve
debiancve
CVE-2022-3559
2022-10-17 18:15:12
redos
redos
ROS-20221028-01
2022-10-28 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.007 Low

EPSS

Percentile

80.3%

JSON
Related for ALAS-2023-1662
nessus7cve1suse2veracode1nvd1cvelist1prion1cloudlinux1osv1fedora3ubuntucve1openvas4ubuntu1debiancve1redos1