Invalid Free Vulnerability in Exim Email Server by Exim
CVE-2022-37451

7.5HIGH

Key Information:

Vendor

Exim

Status
Exim
Vendor
CVE Published:
6 August 2022

What is CVE-2022-37451?

An invalid free vulnerability exists in the authentication handling of Exim email server. Specifically, the issue arises in the pam_converse function due to a misuse of memory management where store_free is not called after the store_malloc function. This flaw can potentially lead to unexpected behavior or other security risks related to memory corruption in systems running Exim versions prior to 4.96. Users and administrators are advised to upgrade to the latest versions to mitigate this risk.

References

https://github.com/Exim/exim/wiki/EximSecurity
x_refsource_MISC
https://www.exim.org/static/doc/security/
x_refsource_MISC
https://github.com/ivd38/exim_invalid_free
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.