CVE-2023-42114

Updated: 2023-10-05 20:26:53.492752

Description:

An out-of-bounds read vulnerability was found in Exim within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. Authentication is not required to exploit this vulnerability.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| 2.x | NONE | 0 |
| 3.x | LOW | 3.7 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | exim | 4.92.3 | 3.7 | LOW | Released | CLSA-2023:1697482739 | 2023-10-30 09:35:06 |
| CentOS 8.4 ELS | exim | 4.94.2 | 3.7 | LOW | Released | CLSA-2023:1697576165 | 2023-10-17 17:06:54 |
| CentOS 8.5 ELS | exim | 4.94.2 | 3.7 | LOW | Released | CLSA-2023:1697576371 | 2023-10-17 17:06:53 |
| CloudLinux 6 ELS | exim | 4.92.3 | 3.7 | LOW | Released | CLSA-2023:1697482423 | 2023-10-30 09:35:05 |
| Oracle Linux 6 ELS | exim | 4.92.3 | 3.7 | LOW | Released | CLSA-2023:1697481196 | 2023-10-16 17:06:52 |
| Ubuntu 16.04 ELS | exim | 4.86.2 | 3.7 | LOW | Released | CLSA-2023:1697463600 | 2023-10-16 11:06:45 |
| Ubuntu 18.04 ELS | exim | 4.90.1 | 3.7 | LOW | Released | CLSA-2023:1697016628 | 2023-10-11 09:32:29 |