Search for vulnerabilities
Vulnerability details: VCID-562c-7fwk-aaan
Vulnerability ID VCID-562c-7fwk-aaan
Aliases CVE-2022-37451
Summary Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-763 Release of Invalid Pointer or Reference
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37451.json
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00447 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00447 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00447 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.00447 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03641 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.03872 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
epss 0.26727 https://api.first.org/data/v1/epss?cve=CVE-2022-37451
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2119782
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37451
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37451
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37451.json
https://api.first.org/data/v1/epss?cve=CVE-2022-37451
https://cwe.mitre.org/data/definitions/762.html
https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42
https://github.com/Exim/exim/compare/exim-4.95...exim-4.96
https://github.com/Exim/exim/wiki/EximSecurity
https://github.com/ivd38/exim_invalid_free
https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/
https://www.exim.org/static/doc/security/
https://www.openwall.com/lists/oss-security/2022/08/06/1
2119782 https://bugzilla.redhat.com/show_bug.cgi?id=2119782
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-37451 https://nvd.nist.gov/vuln/detail/CVE-2022-37451
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37451.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-37451
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-37451
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.73028
EPSS Score 0.00367
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.