Out-of-bounds Read in exim4

Do your applications use this vulnerable package? Test your applications

Overview

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

References

CONFIRM
CONFIRM
CONFIRM
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
FEDORA
FEDORA
UBUNTU

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

None

CVE: CVE-2020-12783
CWE: CWE-125
Snyk ID: SNYK-DEBIAN9-EXIM4-568862
Disclosed: 11 May, 2020
Published: 11 May, 2020

Out-of-bounds Read
Affecting exim4 package, versions <4.89-2+deb9u7

Overview

References

CVSS Score

Out-of-bounds Read Affecting exim4 package, versions <4.89-2+deb9u7

Overview

References

Out-of-bounds Read
Affecting exim4 package, versions <4.89-2+deb9u7