9.8
CVE-2025-67896
- EPSS 0.4%
- Veröffentlicht 14.12.2025 04:00:24
- Zuletzt bearbeitet 22.12.2025 19:15:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.32 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cve@mitre.org | 7 | 2.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
https://www.openwall.com/lists/oss-security/2025/12/11/2
https://exim.org/static/doc/security/
http://www.openwall.com/lists/oss-security/2025/12/14/1
https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt
http://www.openwall.com/lists/oss-security/2025/12/18/3