Heap-based Buffer Overflow Vulnerability in Exim Mail Server Software
CVE-2022-37452

9.8CRITICAL

Key Information:

Vendor

Exim

Status
Exim
Vendor
CVE Published:
7 August 2022

What is CVE-2022-37452?

A vulnerability in Exim Mail Server prior to version 4.95 allows for a heap-based buffer overflow within the alias list management during the host name lookup process. When the sender_host_name is manipulated, it may lead to potential exploitation, compromising the security of the mail server. Keeping software up-to-date is crucial for mitigating such risks.

References

https://github.com/Exim/exim/wiki/EximSecurity
x_refsource_MISC
https://www.exim.org/static/doc/security/
x_refsource_MISC
https://github.com/ivd38/exim_overflow
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.