<p>Upgrade <code>Debian:9</code> <code>exim4</code> to version 4.89-2+deb9u2 or higher.</p>

Use After Free Affecting exim4 package, versions <4.89-2+deb9u2

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 52.7% (98^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN9-EXIM4-382955
published 25 Nov 2017
disclosed 25 Nov 2017

Report a new vulnerability Found a mistake?

Introduced: 25 Nov 2017

CVE-2017-16943 Open this link in a new tab CWE-416 Open this link in a new tab

How to fix?

Upgrade Debian:9 exim4 to version 4.89-2+deb9u2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream exim4 package and not the exim4 package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.