CVE-2020-28022 - log back

CVE-2020-28022 edited at 06 May 2021 17:27:55
Type
- Arbitrary command execution
+ Arbitrary code execution
Description
- A heap out-of-bounds read and write in extract_option() has been found in Exim before version 4.94.2. If exploitable, this vulnerability would allow an unauthenticated remote attacker to execute arbitrary commands as the "exim" user.
+ Exim 4 before 4.94.2 has improper restriction of write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
CVE-2020-28022 edited at 04 May 2021 14:47:26
Type
- Incorrect calculation
+ Arbitrary command execution
Description
- A heap out-of-bounds read and write in extract_option() has been found in Exim before version 4.94.2.
+ A heap out-of-bounds read and write in extract_option() has been found in Exim before version 4.94.2. If exploitable, this vulnerability would allow an unauthenticated remote attacker to execute arbitrary commands as the "exim" user.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/33d4c87653ddbbea9fd8cb8eb2ff78c149850006
Notes
CVE-2020-28022 edited at 04 May 2021 14:04:26
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Incorrect calculation
Description
+ A heap out-of-bounds read and write in extract_option() has been found in Exim before version 4.94.2.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28022 created at 04 May 2021 13:46:53