CVE-2019-16928

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Exim versions 4.92 through 4.92.2

Description The issue is related to a heap-based buffer overflow in the string vformat function in string.c, which can be exploited by sending a long EHLO command, potentially allowing remote code execution. This vulnerability can be exploited after privilege reset and is limited to code execution with the privileges of the non-privileged user under which the message handler runs.

Recommendations For Exim versions 4.92 through 4.92.2, update to Exim 4.92.3 to resolve the issue. As a temporary workaround, consider restricting access to the EHLO command to minimize the risk of exploitation.

Exploit

Fix

RCE

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-787

Related Identifiers

BDU:2019-03829

CVE-2019-16928

DSA-4536-1

OPENSUSE-SU-2021:0677-1

OPENSUSE-SU-2021:0753-1

OPENSUSE-SU-2021:0754-1

OPENSUSE-SU-2021_0677-1

OPENSUSE-SU-2024:10746-1

Affected Products

Exim

Suse

Ubuntu

CVE-2019-16928

Weakness Enumeration

Related Identifiers

Affected Products

References · 176