CVE-2020-28017 - log

CVE-2020-28017 edited at 06 May 2021 17:20:13
Description
- An integer overflow in receive_add_recipient() has been found in Exim before version 4.94.2. It allows for an unauthenticated remote code execution as the "exim" user, but requires more than 25GB of memory in the default configuration.
+ Exim 4 before 4.94.2 allows integer overflow to buffer overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
CVE-2020-28017 edited at 04 May 2021 14:35:58
Severity
- Medium
+ Low
Description
- An integer overflow in receive_add_recipient() has been found in Exim before version 4.94.2.
+ An integer overflow in receive_add_recipient() has been found in Exim before version 4.94.2. It allows for an unauthenticated remote code execution as the "exim" user, but requires more than 25GB of memory in the default configuration.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/605716b999a4ca6c7d5777ab7463058e9b055dc2
Notes
CVE-2020-28017 edited at 04 May 2021 14:01:36
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ An integer overflow in receive_add_recipient() has been found in Exim before version 4.94.2.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28017 created at 04 May 2021 13:46:53