CVE-2020-28019 - log

CVE-2020-28019 edited at 06 May 2021 17:21:17
Description
- A denial of service security issue has been found in Exim before version 4.94.2 that allows an unauthenticated attacker to crash the server with a segmentation fault by exploiting Exim's failure to reset a function pointer after a BDAT error.
+ Exim 4 before 4.94.2 has improper initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.
CVE-2020-28019 edited at 04 May 2021 14:41:46
Type
- Arbitrary code execution
+ Denial of service
Description
- A failure to reset function pointer after a BDAT error has been found in Exim before version 4.94.2.
+ A denial of service security issue has been found in Exim before version 4.94.2 that allows an unauthenticated attacker to crash the server with a segmentation fault by exploiting Exim's failure to reset a function pointer after a BDAT error.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/99d057fad97a2def9f000ebccda83e4008112819
Notes
CVE-2020-28019 edited at 04 May 2021 14:02:40
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A failure to reset function pointer after a BDAT error has been found in Exim before version 4.94.2.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28019 created at 04 May 2021 13:46:53