VulnerableCode Package Details - pkg:alpm/archlinux/exim@4.94.2-1

Search for packages

Package details: pkg:alpm/archlinux/exim@4.94.2-1

Essentials
History (57)

purl	pkg:alpm/archlinux/exim@4.94.2-1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (19)

Vulnerability	Summary	Aliases
VCID-2sjc-drqj-aaaf	Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.	CVE-2020-28015
VCID-5ket-3f28-aaan	Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.	CVE-2020-28021
VCID-63g4-j4nd-aaad	Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.	CVE-2020-28011
VCID-88fs-zb4r-aaac	Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.	CVE-2020-28014
VCID-c6q6-m6rw-aaap	Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.	CVE-2020-28022
VCID-cjv1-kfbs-aaag	Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.	CVE-2020-28026
VCID-dar1-s72w-aaap	Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.	CVE-2020-28012
VCID-fp42-vdmb-aaaa	Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.	CVE-2020-28018
VCID-ms2c-kqz5-aaas	Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.	CVE-2020-28017
VCID-nfxa-nhgz-aaaf	Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.	CVE-2020-28025
VCID-qzhj-an3g-aaag	Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).	CVE-2020-28010
VCID-rq3j-uyp1-aaah	Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).	CVE-2020-28009
VCID-t7p1-8mcp-aaaj	Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.	CVE-2020-28016
VCID-v8mn-cp7h-aaaf	Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.	CVE-2020-28023
VCID-v95c-2sp9-aaan	Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.	CVE-2020-28008
VCID-v9dw-pa2e-aaaa	Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.	CVE-2020-28013
VCID-w3f9-2bds-aaah	Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.	CVE-2020-28019
VCID-w8z8-chwq-aaap	Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.	CVE-2020-28007
VCID-zd9g-egsv-aaap	Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.	CVE-2020-28024

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:37.245732+00:00	Arch Linux Importer	Fixing	VCID-w8z8-chwq-aaap	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.227116+00:00	Arch Linux Importer	Fixing	VCID-v95c-2sp9-aaan	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.208250+00:00	Arch Linux Importer	Fixing	VCID-rq3j-uyp1-aaah	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.189654+00:00	Arch Linux Importer	Fixing	VCID-qzhj-an3g-aaag	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.170895+00:00	Arch Linux Importer	Fixing	VCID-63g4-j4nd-aaad	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.151843+00:00	Arch Linux Importer	Fixing	VCID-dar1-s72w-aaap	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.133152+00:00	Arch Linux Importer	Fixing	VCID-v9dw-pa2e-aaaa	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.114584+00:00	Arch Linux Importer	Fixing	VCID-88fs-zb4r-aaac	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.095839+00:00	Arch Linux Importer	Fixing	VCID-2sjc-drqj-aaaf	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.077289+00:00	Arch Linux Importer	Fixing	VCID-t7p1-8mcp-aaaj	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.058770+00:00	Arch Linux Importer	Fixing	VCID-ms2c-kqz5-aaas	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.040060+00:00	Arch Linux Importer	Fixing	VCID-fp42-vdmb-aaaa	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.021494+00:00	Arch Linux Importer	Fixing	VCID-w3f9-2bds-aaah	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:37.002894+00:00	Arch Linux Importer	Fixing	VCID-5ket-3f28-aaan	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:36.984313+00:00	Arch Linux Importer	Fixing	VCID-c6q6-m6rw-aaap	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:36.965672+00:00	Arch Linux Importer	Fixing	VCID-v8mn-cp7h-aaaf	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:36.946814+00:00	Arch Linux Importer	Fixing	VCID-zd9g-egsv-aaap	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:36.928040+00:00	Arch Linux Importer	Fixing	VCID-nfxa-nhgz-aaaf	https://security.archlinux.org/AVG-1911	36.0.0
2025-03-28T07:45:36.909462+00:00	Arch Linux Importer	Fixing	VCID-cjv1-kfbs-aaag	https://security.archlinux.org/AVG-1911	36.0.0
2024-09-18T02:00:35.693624+00:00	Arch Linux Importer	Fixing	VCID-w8z8-chwq-aaap	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.673497+00:00	Arch Linux Importer	Fixing	VCID-v95c-2sp9-aaan	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.653685+00:00	Arch Linux Importer	Fixing	VCID-rq3j-uyp1-aaah	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.633722+00:00	Arch Linux Importer	Fixing	VCID-qzhj-an3g-aaag	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.605590+00:00	Arch Linux Importer	Fixing	VCID-63g4-j4nd-aaad	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.580783+00:00	Arch Linux Importer	Fixing	VCID-dar1-s72w-aaap	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.561240+00:00	Arch Linux Importer	Fixing	VCID-v9dw-pa2e-aaaa	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.540897+00:00	Arch Linux Importer	Fixing	VCID-88fs-zb4r-aaac	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.521665+00:00	Arch Linux Importer	Fixing	VCID-2sjc-drqj-aaaf	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.501615+00:00	Arch Linux Importer	Fixing	VCID-t7p1-8mcp-aaaj	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.481710+00:00	Arch Linux Importer	Fixing	VCID-ms2c-kqz5-aaas	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.462415+00:00	Arch Linux Importer	Fixing	VCID-fp42-vdmb-aaaa	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.443022+00:00	Arch Linux Importer	Fixing	VCID-w3f9-2bds-aaah	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.422346+00:00	Arch Linux Importer	Fixing	VCID-5ket-3f28-aaan	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.402580+00:00	Arch Linux Importer	Fixing	VCID-c6q6-m6rw-aaap	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.377119+00:00	Arch Linux Importer	Fixing	VCID-v8mn-cp7h-aaaf	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.345873+00:00	Arch Linux Importer	Fixing	VCID-zd9g-egsv-aaap	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.316484+00:00	Arch Linux Importer	Fixing	VCID-nfxa-nhgz-aaaf	https://security.archlinux.org/AVG-1911	34.0.1
2024-09-18T02:00:35.297150+00:00	Arch Linux Importer	Fixing	VCID-cjv1-kfbs-aaag	https://security.archlinux.org/AVG-1911	34.0.1
2024-01-03T22:26:52.815161+00:00	Arch Linux Importer	Fixing	VCID-w8z8-chwq-aaap	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.793061+00:00	Arch Linux Importer	Fixing	VCID-v95c-2sp9-aaan	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.769203+00:00	Arch Linux Importer	Fixing	VCID-rq3j-uyp1-aaah	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.747128+00:00	Arch Linux Importer	Fixing	VCID-qzhj-an3g-aaag	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.725603+00:00	Arch Linux Importer	Fixing	VCID-63g4-j4nd-aaad	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.701739+00:00	Arch Linux Importer	Fixing	VCID-dar1-s72w-aaap	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.677915+00:00	Arch Linux Importer	Fixing	VCID-v9dw-pa2e-aaaa	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.655615+00:00	Arch Linux Importer	Fixing	VCID-88fs-zb4r-aaac	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.633906+00:00	Arch Linux Importer	Fixing	VCID-2sjc-drqj-aaaf	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.614183+00:00	Arch Linux Importer	Fixing	VCID-t7p1-8mcp-aaaj	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.594774+00:00	Arch Linux Importer	Fixing	VCID-ms2c-kqz5-aaas	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.575508+00:00	Arch Linux Importer	Fixing	VCID-fp42-vdmb-aaaa	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.556178+00:00	Arch Linux Importer	Fixing	VCID-w3f9-2bds-aaah	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.536734+00:00	Arch Linux Importer	Fixing	VCID-5ket-3f28-aaan	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.517051+00:00	Arch Linux Importer	Fixing	VCID-c6q6-m6rw-aaap	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.497440+00:00	Arch Linux Importer	Fixing	VCID-v8mn-cp7h-aaaf	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.477958+00:00	Arch Linux Importer	Fixing	VCID-zd9g-egsv-aaap	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.458507+00:00	Arch Linux Importer	Fixing	VCID-nfxa-nhgz-aaaf	https://security.archlinux.org/AVG-1911	34.0.0rc1
2024-01-03T22:26:52.439012+00:00	Arch Linux Importer	Fixing	VCID-cjv1-kfbs-aaag	https://security.archlinux.org/AVG-1911	34.0.0rc1