7.5

CVE-2020-12783

Exploit
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EximExim Version <= 4.93
FedoraprojectFedora Version31
FedoraprojectFedora Version32
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.55% 0.905
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.openwall.com/lists/oss-security/2021/05/04/7
Third Party Advisory
Exploit
Mailing List
https://bugs.exim.org/show_bug.cgi?id=2571
Third Party Advisory
https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
Patch
Third Party Advisory
https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/
https://usn.ubuntu.com/4366-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4687
Third Party Advisory