VulnerableCode Package Details - pkg:alpm/archlinux/exim@4.92-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-41q3-efr7-aaae Aliases: CVE-2019-13917	Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).	4.92.1-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-41q3-efr7-aaae
Aliases:
CVE-2019-13917

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

4.92.1-1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-4m7k-f4sy-aaae	Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.	CVE-2020-28020
VCID-mgdw-3553-aaac	A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.	CVE-2019-10149

Vulnerability

Summary

Aliases

VCID-4m7k-f4sy-aaae

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.

CVE-2020-28020

VCID-mgdw-3553-aaac

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

CVE-2019-10149

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:38.485716+00:00	Arch Linux Importer	Fixing	VCID-4m7k-f4sy-aaae	https://security.archlinux.org/AVG-1912	36.0.0
2025-03-28T07:44:25.481396+00:00	Arch Linux Importer	Fixing	VCID-mgdw-3553-aaac	https://security.archlinux.org/AVG-982	36.0.0
2025-03-28T07:44:24.666170+00:00	Arch Linux Importer	Affected by	VCID-41q3-efr7-aaae	https://security.archlinux.org/AVG-1011	36.0.0
2024-09-18T02:00:37.143736+00:00	Arch Linux Importer	Fixing	VCID-4m7k-f4sy-aaae	https://security.archlinux.org/AVG-1912	34.0.1
2024-09-18T01:59:30.468524+00:00	Arch Linux Importer	Fixing	VCID-mgdw-3553-aaac	https://security.archlinux.org/AVG-982	34.0.1
2024-09-18T01:59:29.720459+00:00	Arch Linux Importer	Affected by	VCID-41q3-efr7-aaae	https://security.archlinux.org/AVG-1011	34.0.1
2024-07-16T23:12:52.511694+00:00	Arch Linux Importer	Affected by	VCID-41q3-efr7-aaae	https://security.archlinux.org/AVG-1011	34.0.0rc4
2024-01-03T22:26:54.227078+00:00	Arch Linux Importer	Fixing	VCID-4m7k-f4sy-aaae	https://security.archlinux.org/AVG-1912	34.0.0rc1
2024-01-03T22:25:47.093635+00:00	Arch Linux Importer	Fixing	VCID-mgdw-3553-aaac	https://security.archlinux.org/AVG-982	34.0.0rc1
2024-01-03T22:25:46.443549+00:00	Arch Linux Importer	Affected by	VCID-41q3-efr7-aaae	https://security.archlinux.org/AVG-1011	34.0.0rc1