Search for packages
| purl | pkg:deb/debian/exim4@4.94.2-7 |
| Tags | Ghost |
| Next non-vulnerable version | 4.96-15~bpo11+1 |
| Latest non-vulnerable version | 4.96-15~bpo11+1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-562c-7fwk-aaan
Aliases: CVE-2022-37451 |
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-5g4a-x5x1-aaab
Aliases: CVE-2023-42117 |
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-6cf4-ptdu-aaab
Aliases: CVE-2023-42119 |
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. . Was ZDI-CAN-17643. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7r7x-u71e-aaas
Aliases: CVE-2022-3559 |
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-bwfa-mzyb-aaap
Aliases: CVE-2023-42115 |
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17434. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fuek-yjw4-aaaq
Aliases: CVE-2023-42114 |
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. . Was ZDI-CAN-17433. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mq2d-w8ck-aaak
Aliases: CVE-2021-38371 |
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-z7ub-bt5e-aaaj
Aliases: CVE-2023-42116 |
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17515. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-12T14:15:21.265527+00:00 | Debian Importer | Affected by | VCID-6cf4-ptdu-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-12T14:15:17.457961+00:00 | Debian Importer | Affected by | VCID-6cf4-ptdu-aaab | None | 34.0.0rc2 |
| 2024-01-12T14:15:14.052286+00:00 | Debian Importer | Affected by | VCID-5g4a-x5x1-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-12T14:15:07.661049+00:00 | Debian Importer | Affected by | VCID-5g4a-x5x1-aaab | None | 34.0.0rc2 |
| 2024-01-12T14:15:06.742853+00:00 | Debian Importer | Affected by | VCID-z7ub-bt5e-aaaj | None | 34.0.0rc2 |
| 2024-01-12T14:15:02.976606+00:00 | Debian Importer | Affected by | VCID-bwfa-mzyb-aaap | None | 34.0.0rc2 |
| 2024-01-12T14:15:01.719012+00:00 | Debian Importer | Affected by | VCID-fuek-yjw4-aaaq | None | 34.0.0rc2 |
| 2024-01-12T00:54:37.683273+00:00 | Debian Importer | Affected by | VCID-562c-7fwk-aaan | None | 34.0.0rc2 |
| 2024-01-11T22:31:28.562671+00:00 | Debian Importer | Affected by | VCID-7r7x-u71e-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T22:31:17.753393+00:00 | Debian Importer | Affected by | VCID-7r7x-u71e-aaas | None | 34.0.0rc2 |
| 2024-01-11T05:24:50.500717+00:00 | Debian Importer | Affected by | VCID-mq2d-w8ck-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T05:24:45.325787+00:00 | Debian Importer | Affected by | VCID-mq2d-w8ck-aaak | None | 34.0.0rc2 |
| 2024-01-05T09:41:22.401417+00:00 | Debian Importer | Affected by | VCID-6cf4-ptdu-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T09:41:18.275945+00:00 | Debian Importer | Affected by | VCID-6cf4-ptdu-aaab | None | 34.0.0rc1 |
| 2024-01-05T09:41:17.423478+00:00 | Debian Importer | Affected by | VCID-5g4a-x5x1-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T09:41:13.304786+00:00 | Debian Importer | Affected by | VCID-5g4a-x5x1-aaab | None | 34.0.0rc1 |
| 2024-01-05T09:41:12.357343+00:00 | Debian Importer | Affected by | VCID-z7ub-bt5e-aaaj | None | 34.0.0rc1 |
| 2024-01-05T09:41:08.938677+00:00 | Debian Importer | Affected by | VCID-bwfa-mzyb-aaap | None | 34.0.0rc1 |
| 2024-01-05T09:41:08.078571+00:00 | Debian Importer | Affected by | VCID-fuek-yjw4-aaaq | None | 34.0.0rc1 |
| 2024-01-05T04:23:49.449372+00:00 | Debian Importer | Affected by | VCID-562c-7fwk-aaan | None | 34.0.0rc1 |
| 2024-01-05T04:00:45.467607+00:00 | Debian Importer | Affected by | VCID-7r7x-u71e-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T04:00:12.096696+00:00 | Debian Importer | Affected by | VCID-7r7x-u71e-aaas | None | 34.0.0rc1 |
| 2024-01-04T16:45:08.816984+00:00 | Debian Importer | Affected by | VCID-mq2d-w8ck-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T16:44:58.849015+00:00 | Debian Importer | Affected by | VCID-mq2d-w8ck-aaak | None | 34.0.0rc1 |