CVE-2020-28025 - log back

CVE-2020-28025 edited at 06 May 2021 17:29:39
Description
- A heap out-of-bounds read in pdkim_finish_bodyhash() has been found in Exim before version 4.94.2. If "acl_smtp_dkim" is set (it is unset by default), an unauthenticated remote attacker may transform this vulnerability into an information disclosure.
+ Exim 4 before 4.94.2 allows out-of-bounds read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
CVE-2020-28025 edited at 04 May 2021 14:50:50
Description
- A heap out-of-bounds read in pdkim_finish_bodyhash() has been found in Exim before version 4.94.2.
+ A heap out-of-bounds read in pdkim_finish_bodyhash() has been found in Exim before version 4.94.2. If "acl_smtp_dkim" is set (it is unset by default), an unauthenticated remote attacker may transform this vulnerability into an information disclosure.
References
https://www.openwall.com/lists/oss-security/2021/05/04/6
https://www.qualys.com/2021/05/04/21nails/21nails.txt
+ https://git.exim.org/exim.git/commitdiff/1c261b90f627f0489f7dfcf1e66b46cce67f477d
Notes
CVE-2020-28025 edited at 04 May 2021 14:06:08
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A heap out-of-bounds read in pdkim_finish_bodyhash() has been found in Exim before version 4.94.2.
References
+ https://www.openwall.com/lists/oss-security/2021/05/04/6
+ https://www.qualys.com/2021/05/04/21nails/21nails.txt
CVE-2020-28025 created at 04 May 2021 13:46:53