Lucene search

K
cloudlinuxCloudLinuxCLSA-2023:1697482739
HistoryOct 16, 2023 - 6:59 p.m.

exim: Fix of 2 CVEs

2023-10-1618:59:03
repo.cloudlinux.com
33
exim
spa authenticator
fix
cve-2023-42114
cve-2023-42116
out of bounds
write
read
unix

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.8%

  • CVE-2023-42114: fix possible OOB read in SPA authenticator
  • CVE-2023-42116: fix possible OOB write in SPA authenticator

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.8%