CVE-2005-0022

2005-05-0204:00:00

mitre

web.nvd.nist.gov

cve-2005-0022

buffer overflow

exim

arbitrary code execution

spa authentication

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

Affected configurations

Nvd

Node

university_of_cambridgeeximRange≤4.40

university_of_cambridgeeximMatch4.41

university_of_cambridgeeximMatch4.42

VendorProductVersionCPE
university_of_cambridgeexim*cpe:2.3:a:university_of_cambridge:exim:*:*:*:*:*:*:*:*
university_of_cambridgeexim4.41cpe:2.3:a:university_of_cambridge:exim:4.41:*:*:*:*:*:*:*
university_of_cambridgeexim4.42cpe:2.3:a:university_of_cambridge:exim:4.42:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
university_of_cambridge	exim	*	cpe:2.3:a:university_of_cambridge:exim::::::::
university_of_cambridge	exim	4.41	cpe:2.3:a:university_of_cambridge:exim:4.41:::::::*
university_of_cambridge	exim	4.42	cpe:2.3:a:university_of_cambridge:exim:4.42:::::::*