PRIOn knowledge basePRION:CVE-2011-1764

HistoryOct 05, 2011 - 2:56 a.m.

Format string

2011-10-0502:56:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

0.097 Low

EPSS

Percentile

94.8%

JSON

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

CPENameOperatorVersion
eximle4.75
eximeq2.11
eximeq4.70
eximeq4.69
eximeq4.66
eximeq4.10
eximeq3.16
eximeq3.21
eximeq3.01
eximeq3.31

Name	Operator	Version
exim	le	4.75
exim	eq	2.11
exim	eq	4.70
exim	eq	4.69
exim	eq	4.66
exim	eq	4.10
exim	eq	3.16
exim	eq	3.21
exim	eq	3.01
exim	eq	3.31

Rows per page:

1-10 of 701

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670

bugs.exim.org/show_bug.cgi?id=1106

git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

secunia.com/advisories/51155

www.debian.org/security/2011/dsa-2232

bugzilla.redhat.com/show_bug.cgi?id=702474