Improper Initialization in Exim Email Server
CVE-2020-28019

7.5HIGH

Key Information:

Vendor: Exim
Status: Exim
Vendor: CVE Published:; 6 May 2021

What is CVE-2020-28019?

Exim versions prior to 4.94.2 are susceptible to a vulnerability due to improper initialization in code handling certain input functions. When clients utilize BDAT instead of the standard DATA command, it can lead to recursion-based stack consumption, resulting in potential service disruption or crashes. The mishandling of functions dealing with client data poses a risk that should be mitigated by updating to a secure version.

References

https://www.exim.org/static/doc/security/CVE-2020-qualys/...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2021
Vulnerability Reserved
Oct 30, 2020