CVE-2023-42116

Updated: 2023-10-05 20:26:45.476274

Description:

The vulnerability was found in Exim within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Authentication is not required to exploit this vulnerability.



Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | HIGH | 8.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | exim | 4.92.3 | 8.1 | HIGH | Released | CLSA-2023:1697482739 | 2023-10-30 09:35:10 |
| CentOS 8.4 ELS | exim | 4.94.2 | 8.1 | HIGH | Released | CLSA-2023:1697576165 | 2023-10-17 17:06:58 |
| CentOS 8.5 ELS | exim | 4.94.2 | 8.1 | HIGH | Released | CLSA-2023:1697576371 | 2023-10-17 17:06:57 |
| CloudLinux 6 ELS | exim | 4.92.3 | 8.1 | HIGH | Released | CLSA-2023:1697482423 | 2023-10-30 09:35:09 |
| Oracle Linux 6 ELS | exim | 4.92.3 | 8.1 | HIGH | Released | CLSA-2023:1697481196 | 2023-10-16 17:06:57 |
| Ubuntu 16.04 ELS | exim | 4.86.2 | 8.1 | HIGH | Released | CLSA-2023:1697463600 | 2023-10-16 11:06:46 |
| Ubuntu 18.04 ELS | exim | 4.90.1 | 8.1 | HIGH | Released | CLSA-2023:1697016628 | 2023-10-11 09:32:30 |