CVE-2022-37452
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
07/08/2022
Last modified:
28/10/2022
Description
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* | 4.95 (excluding) | |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743
- https://github.com/Exim/exim/compare/exim-4.94...exim-4.95
- https://github.com/Exim/exim/wiki/EximSecurity
- https://github.com/ivd38/exim_overflow
- https://lists.debian.org/debian-lts-announce/2022/08/msg00014.html
- https://www.exim.org/static/doc/security/
- https://www.openwall.com/lists/oss-security/2022/08/06/8