PT-2022-5331 · Exim+4 · Exim+4

Graeme Fowler

Published

2022-08-31

Updated

2025-05-23

CVE-2022-3559

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Exim (affected versions not specified)

Description A vulnerability was found in Exim, affecting the Regex Handler component. This issue leads to use after free, potentially allowing a remote attacker to cause a denial of service or gain access to confidential data. The manipulation of the Regex Handler component can be exploited by a remote attacker, allowing them to send a special request to the application and obtain access to sensitive information.

Recommendations To fix this issue, it is recommended to apply a patch with the name 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. As a temporary workaround, consider disabling the Regex Handler component until a patch is available. Restrict access to the component to minimize the risk of exploitation. Avoid using the component in a way that could lead to use after free until the issue is resolved.

Fix

Use After Free

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-119

Related Identifiers

BDU:2022-06645

CVE-2022-3559

DLA-3938-1

OESA-2024-1926

OESA-2024-1927

OPENSUSE-SU-2022:10168-1

OPENSUSE-SU-2022:10191-1

OPENSUSE-SU-2024:0007-1

OPENSUSE-SU-2024:12422-1

USN-5741-1

Affected Products

Astra Linux

Exim

Linuxmint

Red Os

Ubuntu

PT-2022-5331 · Exim+4 · Exim+4

CVE-2022-3559

Weakness Enumeration

Related Identifiers

Affected Products

References · 54