Уязвимость CVE-2019-16928: Информация

Описание

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

Важность: CRITICAL (9,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16928
Опубликовано: 28 сентября 2019 г.
Изменено: 7 ноября 2023 г.
Идентификатор типа ошибки: CWE-787

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
  • Patch
  • Third Party Advisory
https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
  • Vendor Advisory
https://bugs.exim.org/show_bug.cgi?id=2449
  • Issue Tracking
  • Patch
  • Vendor Advisory
[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow
  • Mailing List
  • Third Party Advisory
[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow
  • Mailing List
  • Third Party Advisory
[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow
  • Mailing List
  • Third Party Advisory
DSA-4536
  • Third Party Advisory
USN-4141-1
  • Third Party Advisory
[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow
  • Mailing List
  • Third Party Advisory
20190929 [SECURITY] [DSA 4536-1] exim4 security update
  • Mailing List
  • Third Party Advisory
GLSA-202003-47
  • Third Party Advisory
FEDORA-2019-006dfc94cd
    FEDORA-2019-e080507ba5
      FEDORA-2019-d778bd4137

          1. Конфигурация 1

            cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
            Start including
            4.92
            End including
            4.92.2

            Конфигурация 2

            cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

            Конфигурация 3

            cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

            Конфигурация 4

            cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Версия: v24.5.3
        Наверх