Уязвимость CVE-2019-16928: Информация
Описание
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
Важность: CRITICAL (9,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f |
|
https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html |
|
https://bugs.exim.org/show_bug.cgi?id=2449 |
|
[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow |
|
[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow |
|
[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow |
|
DSA-4536 |
|
USN-4141-1 |
|
[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow |
|
20190929 [SECURITY] [DSA 4536-1] exim4 security update |
|
GLSA-202003-47 |
|
FEDORA-2019-006dfc94cd | |
FEDORA-2019-e080507ba5 | |
FEDORA-2019-d778bd4137 |