Updated: 2022-05-25 08:33:57.989196
Description:
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.2 |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | exim | 4.86.2-2 | 7.8 | HIGH | Released | CLSA-2021:1640271821 | 2021-12-23 11:55:06 |