VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-7r7x-u71e-aaas

Essentials
Severities (103)
References (18)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-7r7x-u71e-aaas
Aliases	CVE-2022-3559
Summary	A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416	Use After Free

System	Score	Found at
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00135	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00379	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2022-3559
cvssv3.1	4.6	https://bugs.exim.org/show_bug.cgi?id=2915
ssvc	Track	https://bugs.exim.org/show_bug.cgi?id=2915
cvssv3.1	4.6	https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
ssvc	Track	https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
cvssv3.1	4.6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/
cvssv3.1	4.6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/
cvssv3.1	4.6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-3559
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-3559
cvssv3.1	4.6	https://vuldb.com/?id.211073
ssvc	Track	https://vuldb.com/?id.211073

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-3559
		https://bugs.exim.org/show_bug.cgi?id=2915
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3559
		https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/
		https://vuldb.com/?id.211073
cpe:2.3:a:exim:exim::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim::::::::
cpe:2.3:a:exim:exim:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:-:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
CVE-2022-3559		https://nvd.nist.gov/vuln/detail/CVE-2022-3559
USN-5741-1		https://usn.ubuntu.com/5741-1/

No exploits are available.

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://bugs.exim.org/show_bug.cgi?id=2915

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/ Found at https://bugs.exim.org/show_bug.cgi?id=2915

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/ Found at https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3559

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3559

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://vuldb.com/?id.211073

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/ Found at https://vuldb.com/?id.211073

Exploit Prediction Scoring System (EPSS)

Percentile	0.26556
EPSS Score	0.00111
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.