Out-of-bounds Read Vulnerability in Exim Mail Server
CVE-2020-28023

7.5 HIGH

Key Information:

Vendor: Exim

Status
Vendor
CVE Published: 6 May 2021

What is CVE-2020-28023?

Exim Mail Server versions prior to 4.94.2 are susceptible to an out-of-bounds read vulnerability. The flaw occurs in the smtp_setup_msg function and can expose sensitive information from process memory to an unauthenticated SMTP client. This creates a risk of data leakage that could compromise system security. Administrators should upgrade to the latest version to mitigate this vulnerability.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
