---

CVE-2020-28016 - log back

CVE-2020-28016 edited at 06 May 2021 17:19:38
Severity	- Medium + Low
Description	- A heap out-of-bounds write in parse_fix_phrase() has been found in Exim before version 4.94.2. If exploitable, it would allow an unprivileged local attacker to obtain full root privileges. + Exim 4 before 4.94.2 allows an off-by-two out-of-bounds write because "-F ''" is mishandled by parse_fix_phrase.

CVE-2020-28016 edited at 04 May 2021 14:33:54
Type	- Arbitrary code execution + Privilege escalation
Description	- A heap out-of-bounds write in parse_fix_phrase() has been found in Exim before version 4.94.2. + A heap out-of-bounds write in parse_fix_phrase() has been found in Exim before version 4.94.2. If exploitable, it would allow an unprivileged local attacker to obtain full root privileges.
References	https://www.openwall.com/lists/oss-security/2021/05/04/6 https://www.qualys.com/2021/05/04/21nails/21nails.txt + https://git.exim.org/exim.git/commitdiff/8b1e9bc2cac17ee24d595c97dcf97d9b016f8a46
Notes

CVE-2020-28016 edited at 04 May 2021 13:58:30
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A heap out-of-bounds write in parse_fix_phrase() has been found in Exim before version 4.94.2.
References	+ https://www.openwall.com/lists/oss-security/2021/05/04/6 + https://www.qualys.com/2021/05/04/21nails/21nails.txt

CVE-2020-28016 created at 04 May 2021 13:46:53