PT-2022-3996 · Exim+4

Evgeny Legerov · Published 2022-08-07 · Updated 2023-08-25 · CVE-2022-37452

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Exim versions prior to 4.95

Description

The issue is a heap-based buffer overflow in the host name lookup function in host.c, reachable when the sender host name is set. It can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For versions prior to 4.95, update to version 4.95 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sender host name setting until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2023-4105
ALT-PU-2023-4919
ALT-PU-2023-4920
ALT-PU-2023-5120
BDU:2022-04829
CVE-2022-37452
DLA-3082-1
USN-5574-1

Affected Products

Alt Linux
Astra Linux
Exim
Linux Mint
Ubuntu