CVE-2020-28009

Updated: 2023-11-04 20:06:10.94691

Description:

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.2 |
| CVSS Version 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | exim | 4.86.2 | 7.8 | HIGH | Released | CLSA-2021:1640271821 | 2021-12-23 11:55:06 |