CVE-2017-16943
Summary
| CVE | CVE-2017-16943 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-25 17:29:00 UTC |
| Updated | 2021-05-04 18:15:00 UTC |
| Description | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - 21Nails: Multiple vulnerabilities in Exim | MLIST | www.openwall.com | |
| Debian -- Security Information -- DSA-4053-1 exim4 | DEBIAN | www.debian.org | Third Party Advisory |
| git.exim.org Git - exim.git/commit | MISC | git.exim.org | Patch |
| oss-security - Re: RCE in Exim reported | MISC | openwall.com | Mailing List |
| git.exim.org Git - exim.git/commitdiff | MISC | git.exim.org | Patch |
| Bug 2199 – Exim use-after-free vulnerability while reading mail header | MISC | bugs.exim.org | Exploit, Issue Tracking |
| PoC-Exploit-Mirror/CVE-2017-16944 at master · LetUsFsck/PoC-Exploit-Mirror · GitHub | MISC | github.com | Exploit |
| Exim Use-After-Free Memory Error in SMTP Service Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| oss-security - RCE in Exim reported | MISC | openwall.com | Mailing List |
| oss-security - Re: RCE in Exim reported | MISC | openwall.com | Mailing List |
| [exim-announce] Critical Exim Security Vulnerability: disable chunking | MISC | lists.exim.org | Mailing List |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.