QwikSec

Security Database

CVE

CWE

Training

CVE-2003-0743

Published: Sep 6, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_CONECTIVA

[Exim] 20030814 Minor security bug

mailing-list

x_refsource_MLIST

http://www.exim.org/pipermail/exim-announce/2003q3/000094.html

x_refsource_CONFIRM

20030901 exim remote heap overflow, probably not exploitable

mailing-list

x_refsource_BUGTRAQ

20030903 Re: exim remote heap overflow, probably not exploitable

mailing-list

x_refsource_VULN-DEV

[Exim] 20030815 Minor security bug

mailing-list

x_refsource_MLIST

http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog

x_refsource_CONFIRM

http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.