Loop with Unreachable Exit Condition ('Infinite Loop') in exim4

Do your applications use this vulnerable package? Test your applications

Overview

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

References

CVE Details
Debian Security Advisory
Debian Security Tracker
Exploit DB
MISC
MISC
OSS security Advisory
OSS security Advisory
OSS security Advisory
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-16944
CWE: CWE-835
Snyk ID: SNYK-DEBIAN9-EXIM4-382885
Disclosed: 25 Nov, 2017
Published: 25 Nov, 2017

Loop with Unreachable Exit Condition ('Infinite Loop')
Affecting exim4 package, versions <4.89-2+deb9u2

Overview

References

CVSS Score

Loop with Unreachable Exit Condition ('Infinite Loop') Affecting exim4 package, versions <4.89-2+deb9u2

Overview

References

Loop with Unreachable Exit Condition ('Infinite Loop')
Affecting exim4 package, versions <4.89-2+deb9u2