CVE-2017-16944

Description:
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

CWE: CWE-835

CVSS score
CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.0)

Links:

NVD – CVE-2017-16944
CVE – CVE-2017-16944

Link (max. 20) Source Tags
https://bugs.exim.org/show_bug.cgi?id=2201 MISC Exploit Issue Tracking Third Party Advisory
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html MISC Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2017/11/25/3 MISC Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2017/11/25/2 MISC Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2017/11/25/1 MISC Mailing List Third Party Advisory
1039873 SECTRACK Third Party Advisory VDB Entry
43184 EXPLOIT-DB Third Party Advisory VDB Entry
DSA-4053 DEBIAN Third Party Advisory Third Party Advisory
[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim MLIST Mailing List Patch Third Party Advisory
[pulsar-commits] 20210419 [pulsar] branch master updated: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261) MLIST Mailing List Patch Third Party Advisory
[bookkeeper-issues] 20210421 [GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 MLIST Mailing List Third Party Advisory
[bookkeeper-issues] 20210507 [GitHub] [bookkeeper] dlg99 commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 MLIST

Source: NVD – CVE-2017-16944
Published: 2017-11-25T17:29Z, Last modified: 2021-05-04T18:15Z