VulnerableCode Package Details - pkg:alpm/archlinux/exim@4.89-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-2wh9-dmdb-aaad Aliases: CVE-2017-10140	Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.	4.89.1-1 Affected by 0 other vulnerabilities.
VCID-5mct-n1a5-aaad Aliases: CVE-2017-16944	The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.	4.89.1-1 Affected by 0 other vulnerabilities.
VCID-6p9m-9u9v-aaaa Aliases: CVE-2017-16943	The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.	4.89.1-1 Affected by 0 other vulnerabilities.
VCID-97g7-zfqp-aaag Aliases: CVE-2017-1000369	Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.	4.89.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2wh9-dmdb-aaad
Aliases:
CVE-2017-10140

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.

4.89.1-1
Affected by 0 other vulnerabilities.

VCID-5mct-n1a5-aaad
Aliases:
CVE-2017-16944

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

4.89.1-1
Affected by 0 other vulnerabilities.

VCID-6p9m-9u9v-aaaa
Aliases:
CVE-2017-16943

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

4.89.1-1
Affected by 0 other vulnerabilities.

VCID-97g7-zfqp-aaag
Aliases:
CVE-2017-1000369

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.

4.89.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:38.643723+00:00	Arch Linux Importer	Affected by	VCID-97g7-zfqp-aaag	https://security.archlinux.org/AVG-518	36.0.0
2025-03-28T07:44:38.611809+00:00	Arch Linux Importer	Affected by	VCID-2wh9-dmdb-aaad	https://security.archlinux.org/AVG-518	36.0.0
2025-03-28T07:44:38.580914+00:00	Arch Linux Importer	Affected by	VCID-6p9m-9u9v-aaaa	https://security.archlinux.org/AVG-518	36.0.0
2025-03-28T07:44:38.560488+00:00	Arch Linux Importer	Affected by	VCID-5mct-n1a5-aaad	https://security.archlinux.org/AVG-518	36.0.0
2024-09-18T01:59:42.384192+00:00	Arch Linux Importer	Affected by	VCID-97g7-zfqp-aaag	https://security.archlinux.org/AVG-518	34.0.1
2024-09-18T01:59:42.363893+00:00	Arch Linux Importer	Affected by	VCID-2wh9-dmdb-aaad	https://security.archlinux.org/AVG-518	34.0.1
2024-09-18T01:59:42.343585+00:00	Arch Linux Importer	Affected by	VCID-6p9m-9u9v-aaaa	https://security.archlinux.org/AVG-518	34.0.1
2024-09-18T01:59:42.322988+00:00	Arch Linux Importer	Affected by	VCID-5mct-n1a5-aaad	https://security.archlinux.org/AVG-518	34.0.1
2024-07-16T23:12:52.599770+00:00	Arch Linux Importer	Affected by	VCID-97g7-zfqp-aaag	https://security.archlinux.org/AVG-518	34.0.0rc4
2024-07-16T23:12:52.577829+00:00	Arch Linux Importer	Affected by	VCID-2wh9-dmdb-aaad	https://security.archlinux.org/AVG-518	34.0.0rc4
2024-07-16T23:12:52.555796+00:00	Arch Linux Importer	Affected by	VCID-6p9m-9u9v-aaaa	https://security.archlinux.org/AVG-518	34.0.0rc4
2024-07-16T23:12:52.533903+00:00	Arch Linux Importer	Affected by	VCID-5mct-n1a5-aaad	https://security.archlinux.org/AVG-518	34.0.0rc4
2024-01-03T22:25:58.138089+00:00	Arch Linux Importer	Affected by	VCID-97g7-zfqp-aaag	https://security.archlinux.org/AVG-518	34.0.0rc1
2024-01-03T22:25:58.111274+00:00	Arch Linux Importer	Affected by	VCID-2wh9-dmdb-aaad	https://security.archlinux.org/AVG-518	34.0.0rc1
2024-01-03T22:25:58.084813+00:00	Arch Linux Importer	Affected by	VCID-6p9m-9u9v-aaaa	https://security.archlinux.org/AVG-518	34.0.0rc1
2024-01-03T22:25:58.060953+00:00	Arch Linux Importer	Affected by	VCID-5mct-n1a5-aaad	https://security.archlinux.org/AVG-518	34.0.0rc1

2025-03-28T07:44:38.643723+00:00

Arch Linux Importer

Affected by

Next non-vulnerable version	4.89.1-1
Latest non-vulnerable version	4.98.2-1
Risk	10.0