Lucene search

K

Redhat.comRH:CVE-2023-42114

HistorySep 30, 2023 - 6:24 p.m.

CVE-2023-42114

2023-09-3018:24:17

redhat.com

access.redhat.com

32

exim

ntlm

vulnerability

out-of-bounds read

disclosure

service account

authentication

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

28.8%

An out-of-bounds read vulnerability was found in Exim within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. Authentication is not required to exploit this vulnerability.

References

bugzilla.redhat.com/show_bug.cgi?id=2241538

nvd.nist.gov/vuln/detail/CVE-2023-42114

www.cve.org/CVERecord?id=CVE-2023-42114

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

28.8%

Related for RH:CVE-2023-42114

nvd1 redos2 osv5 veracode1 ubuntucve1 cgr1 vulnrichment1 cve1 zdi1 debiancve1 cvelist1 alpinelinux1 wolfi1 debian2 openvas10 nessus11 cloudlinux1 ubuntu1 fedora3 gentoo1 malwarebytes1 thn1