CVE-2017-1000369 - log back

CVE-2017-1000369 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ An uncontrolled resource consumption flaw has been discovered in Exim before 4.89.1. The use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed results in leaking memory. While Exim itself is not vulnerable to privilege escalation, this particular flaw can be used by the stackguard vulnerability to achieve privilege escalation.
References
+ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ https://git.exim.org/exim.git/commitdiff/65e061b76867a9ea7aeeb535341b790b90ae6c21
+ https://access.redhat.com/security/vulnerabilities/stackguard
Notes