9.8

CVE-2017-16943

Medienbericht
Exploit
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EximExim Version4.88 Update-
EximExim Version4.89 Update-
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 46.71% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
12.05.2026 20:20
http://www.openwall.com/lists/oss-security/2021/05/04/7
http://openwall.com/lists/oss-security/2017/11/25/1
Mailing List
http://openwall.com/lists/oss-security/2017/11/25/2
Mailing List
http://openwall.com/lists/oss-security/2017/11/25/3
Mailing List
http://www.securitytracker.com/id/1039872
Third Party Advisory
VDB Entry
https://bugs.exim.org/show_bug.cgi?id=2199
Exploit
Issue Tracking
https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde
Patch
https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
Patch
https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944
Exploit
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
Mailing List
https://www.debian.org/security/2017/dsa-4053
Third Party Advisory