Integer Overflow Vulnerability in Exim Mail Transfer Agent
CVE-2020-28020

9.8CRITICAL

Key Information:

Vendor

Exim

Status
Exim
Vendor
CVE Published:
6 May 2021

What is CVE-2020-28020?

The Exim Mail Transfer Agent prior to version 4.92 is vulnerable to an integer overflow, which may result in a buffer overflow. This vulnerability allows unauthenticated remote attackers to exploit improper handling of continuation lines, specifically during the header-length restriction process. Successful exploitation can lead to the execution of arbitrary code, posing significant security risks to affected systems.

References

https://www.exim.org/static/doc/security/CVE-2020-qualys/...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/07/25/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/08/03/1
mailing-listx_refsource_MLIST

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.