Vulnerability details: VCID-v8uj-dynt-aaad
Vulnerability ID VCID-v8uj-dynt-aaad
Aliases CVE-2020-12783
Summary Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12783.html
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12783.json
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2020-12783
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2020-12783
epss 0.02632 https://api.first.org/data/v1/epss?cve=CVE-2020-12783
epss 0.0465 https://api.first.org/data/v1/epss?cve=CVE-2020-12783
epss 0.14793 https://api.first.org/data/v1/epss?cve=CVE-2020-12783
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1836362
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12783
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-12783
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12783
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12783
generic_textual Medium https://ubuntu.com/security/notices/USN-4366-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-4366-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12783.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12783.json
https://api.first.org/data/v1/epss?cve=CVE-2020-12783
https://bugs.exim.org/show_bug.cgi?id=2571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12783
https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/
https://ubuntu.com/security/notices/USN-4366-1
https://usn.ubuntu.com/4366-1/
https://usn.ubuntu.com/usn/usn-4366-1
https://www.debian.org/security/2020/dsa-4687
http://www.openwall.com/lists/oss-security/2021/05/04/7
1836362 https://bugzilla.redhat.com/show_bug.cgi?id=1836362
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVE-2020-12783 https://nvd.nist.gov/vuln/detail/CVE-2020-12783
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12783.json
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-12783
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-12783
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-12783
Exploit Prediction Scoring System (EPSS)
Percentile 0.65601
EPSS Score 0.00253
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.