Back to search
CVE-2017-1000369
Published: Jun 19, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1038779
vdb-entry
x_refsource_SECTRACK
99252
vdb-entry
x_refsource_BID
https://access.redhat.com/security/cve/CVE-2017-1000369
x_refsource_CONFIRM
GLSA-201709-19
vendor-advisory
x_refsource_GENTOO
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
x_refsource_MISC
DSA-3888
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now