7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.527 Medium
EPSS
Percentile
97.6%
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and
4.89 allows remote attackers to execute arbitrary code or cause a denial of
service (use-after-free) via vectors involving BDAT commands.
Author | Note |
---|---|
mdeslaur | only affects Exim 4.88 or newer in zesty, the 78_Disable-chunking-BDAT-by-default.patch patch sets chunking_advertise_hosts = by default, which disables the security issue unless the local configurations changed the default value. Probably no code execution in Ubuntu because the exim binary is built with PIE |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.527 Medium
EPSS
Percentile
97.6%