CVE-2017-16944 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Denial of service
Description	The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-518	exim	4.89-1	4.89.1-1	Critical	Fixed	FS#56478

Date	Advisory	Group	Package	Severity	Type
30 Nov 2017	ASA-201711-32	AVG-518	exim	Critical	multiple issues

References
http://openwall.com/lists/oss-security/2017/11/25/2 https://bugs.exim.org/show_bug.cgi?id=2201 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542 https://www.exploit-db.com/exploits/43184/

References

http://openwall.com/lists/oss-security/2017/11/25/2
https://bugs.exim.org/show_bug.cgi?id=2201
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542
https://www.exploit-db.com/exploits/43184/