ID CVE-2017-16944
Summary The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
References
Vulnerable Configurations
  • cpe:2.3:a:exim:exim:4.88:*:*:*:*:*:*:*
    cpe:2.3:a:exim:exim:4.88:*:*:*:*:*:*:*
  • cpe:2.3:a:exim:exim:4.89:*:*:*:*:*:*:*
    cpe:2.3:a:exim:exim:4.89:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 04-05-2021 - 18:15)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
debian DSA-4053
exploit-db 43184
misc
sectrack 1039873
Last major update 04-05-2021 - 18:15
Published 25-11-2017 - 17:29
Last modified 04-05-2021 - 18:15
Back to Top