Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:28
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. |
02 Feb 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2010-4344 exim: remote code execution flaw |
04 May 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2010-12-14 16:00
Updated : 2023-12-10 11:03
NVD link : CVE-2010-4344
Mitre link : CVE-2010-4344
CVE.ORG link : CVE-2010-4344
JSON object : View
Products Affected
exim
- exim
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer