CVE-2019-16928 - log

CVE-2019-16928 edited at 02 Oct 2019 11:30:32
References
https://www.exim.org/static/doc/security/CVE-2019-16928.txt
+ https://bugs.exim.org/show_bug.cgi?id=2449
+ https://git.exim.org/exim.git/commitdiff/478effbfd9c3cc5a627fc671d4bf94d13670d65f
+ https://www.openwall.com/lists/oss-security/2019/09/28/1
CVE-2019-16928 edited at 02 Oct 2019 11:28:48
Description
- It has been discovered that Exim before 4.92.3 is vulnerable to a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. While in this mode of operation Exim has already dropped its privileges, other paths to reach the vulnerable code may exist.
+ It has been discovered that Exim before 4.92.3 is vulnerable to a heap-based buffer overflow in string_vformat (string.c) involving a long EHLO command leading to remote code execution.
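The two descriptions above agree on the one fact a responder can act on without exploit details: the first fixed release is 4.92.3. The following version-triage helper is an added example (not code from the tracker, from Exim, or from the advisory): it pulls the Exim version out of an SMTP greeting banner or `exim -bV` output and reports whether it is older than 4.92.3. The banner lines are constructed for the example, and the names `parse_exim_version`, `is_vulnerable` and `triage` are chosen here, not taken from any tool.

```python
import re

# First release that fixes CVE-2019-16928 ("Exim before 4.92.3" is affected).
FIXED_VERSION = (4, 92, 3)

# Matches the Exim version in an SMTP banner or in `exim -bV` output, e.g.
#   "220 mx.example.test ESMTP Exim 4.92.2 Tue, 01 Oct 2019 10:00:00 +0000"
#   "Exim version 4.92.3 #3 built 30-Sep-2019 11:33:48"
# A suffix such as "_RC1" is ignored; a missing patch level counts as .0.
_VERSION_RE = re.compile(r"\bExim(?: version)? (\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(text):
    """Return the Exim version as a (major, minor, patch) tuple, or None if none found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable(version):
    """True when the version tuple is strictly older than the fixed release."""
    return version < FIXED_VERSION


def triage(lines):
    """Classify each banner/-bV line as 'vulnerable', 'fixed' or 'unknown'.

    'unknown' means no Exim version string was present; it must not be read
    as 'fixed' (Exim's smtp_banner option can hide the version, and other
    MTAs use a different greeting).
    """
    results = []
    for line in lines:
        version = parse_exim_version(line)
        if version is None:
            results.append("unknown")
        elif is_vulnerable(version):
            results.append("vulnerable")
        else:
            results.append("fixed")
    return results


# Constructed sample inputs (not real hosts): four SMTP greeting banners and
# one line of `exim -bV` output.
SAMPLE_LINES = [
    "220 mx1.example.test ESMTP Exim 4.92.2 Tue, 01 Oct 2019 10:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.92.3 Tue, 01 Oct 2019 10:00:00 +0000",
    "220 mx3.example.test ESMTP Exim 4.91 Tue, 01 Oct 2019 10:00:00 +0000",
    "220 mx4.example.test ESMTP Postfix",
    "Exim version 4.93 #2 built 01-Dec-2019 12:00:00",
]

if __name__ == "__main__":
    for line, status in zip(SAMPLE_LINES, triage(SAMPLE_LINES)):
        print(f"{status:10s} {line}")
```

Treat the result as a first pass, not a verdict. Distributions routinely backport a fix without changing the upstream version string, so a host reporting 4.92 may already carry the patch; confirm against the package changelog before filing it as exposed. Conversely, "unknown" only means the version was not visible, which is why it is kept separate from "fixed".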
CVE-2019-16928 edited at 02 Oct 2019 11:27:12
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ It has been discovered that Exim before 4.92.3 is vulnerable to a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. While in this mode of operation Exim has already dropped its privileges, other paths to reach the vulnerable code may exist.
References
+ https://www.exim.org/static/doc/security/CVE-2019-16928.txt
Notes
CVE-2019-16928 created at 02 Oct 2019 11:24:51