4

CVE-2017-1000369

EPSS 0.29%
Veröffentlicht 19.06.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Exim ≫ Exim Version <= 4.87.1

Exim ≫ Exim Version4.88 Update-

Exim ≫ Exim Version4.88 Updaterc1

Exim ≫ Exim Version4.88 Updaterc2

Exim ≫ Exim Version4.88 Updaterc3

Exim ≫ Exim Version4.88 Updaterc4

Exim ≫ Exim Version4.88 Updaterc5

Exim ≫ Exim Version4.88 Updaterc6

Exim ≫ Exim Version4.89 Update-

Exim ≫ Exim Version4.89 Updaterc1

Exim ≫ Exim Version4.89 Updaterc2

Exim ≫ Exim Version4.89 Updaterc3

Exim ≫ Exim Version4.89 Updaterc4

Exim ≫ Exim Version4.89 Updaterc5

Exim ≫ Exim Version4.89 Updaterc6

Exim ≫ Exim Version4.89 Updaterc7

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.518

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Third Party Advisory

http://www.debian.org/security/2017/dsa-3888

Third Party Advisory

http://www.securityfocus.com/bid/99252

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038779

Third Party Advisory

VDB Entry

https://access.redhat.com/security/cve/CVE-2017-1000369

Vendor Advisory

https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21

Third Party Advisory

Mitigation

https://security.gentoo.org/glsa/201709-19

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-1000369

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1000369

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1000369

EUVD