8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.9%
Exim Improper Neutralization of Special Elements Remote Code Execution
Vulnerability. This vulnerability allows remote attackers to execute
arbitrary code on affected installations of Exim. Authentication is not
required to exploit this vulnerability. The specific flaw exists within the
smtp service, which listens on TCP port 25 by default. The issue results
from the lack of proper validation of user-supplied data, which can result
in a memory corruption condition. An attacker can leverage this
vulnerability to execute code in the context of the current process. Was
ZDI-CAN-17554.
Author | Note |
---|---|
allenpthuang | fixes published, see ZDI’s note. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | exim4 | < 4.90.1-1ubuntu1.10+esm2 | UNKNOWN |
ubuntu | 20.04 | noarch | exim4 | < 4.93-13ubuntu1.9 | UNKNOWN |
ubuntu | 22.04 | noarch | exim4 | < 4.95-4ubuntu2.4 | UNKNOWN |
ubuntu | 23.04 | noarch | exim4 | < 4.96-14ubuntu1.3 | UNKNOWN |
ubuntu | 23.10 | noarch | exim4 | < 4.96-17ubuntu2.1 | UNKNOWN |
ubuntu | 14.04 | noarch | exim4 | < 4.82-3ubuntu2.4+esm7 | UNKNOWN |
ubuntu | 16.04 | noarch | exim4 | < 4.86.2-2ubuntu2.6+esm5 | UNKNOWN |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.9%