Updated: 2022-05-25 08:34:04.534765
Description:
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | exim | 4.86.2-2 | 7.5 | HIGH | Released | CLSA-2021:1640271821 | 2021-12-23 11:55:06 |