Improper Input Validation
Affecting exim4 package, versions <4.89-2+deb9u4
Overview
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of the recipient address in the deliver_message() function in /src/deliver.c may lead to remote command execution.
CVSS Score
9.8 (high severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- CVE: CVE-2019-10149
- CWE: CWE-20
- Snyk ID: SNYK-DEBIAN9-EXIM4-349155
- Disclosed: 05 Jun, 2019
- Published: 05 Jun, 2019