CVE-2022-37451
Summary
| CVE | CVE-2022-37451 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-06 18:15:00 UTC |
|---|
| Updated | 2023-11-07 03:49:00 UTC |
|---|
| Description | Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Index of /static/doc/security/ |
MISC |
www.exim.org |
|
| [SECURITY] Fedora 35 Update: exim-4.96-2.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| oss-security - Exim 4.95 invalid free |
MISC |
www.openwall.com |
|
| CWE -
CWE-762: Mismatched Memory Management Routines (4.6) |
MISC |
cwe.mitre.org |
|
| Comparing exim-4.95...exim-4.96 · Exim/exim · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 36 Update: exim-4.96-2.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: exim-4.96-2.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| EximSecurity · Exim/exim Wiki · GitHub |
MISC |
github.com |
|
| Fix PAM auth. Bug 2813 · Exim/exim@51be321 · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 35 Update: exim-4.96-2.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [exim] Exim 4.96 released |
MISC |
lists.exim.org |
|
| GitHub - ivd38/exim_invalid_free |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 184726 Debian Security Update for exim4 (CVE-2022-37451)
- 283097 Fedora Security Update for exim (FEDORA-2022-1ca1d22165)
- 283098 Fedora Security Update for exim (FEDORA-2022-f9a8388e62)
- 355349 Amazon Linux Security Advisory for exim : ALAS-2023-1753
