CVE-2019-10149

Published: 04 June 2019

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of the recipient address in the deliver_message() function in /src/deliver.c may lead to remote command execution.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: exim4 (Launchpad, Ubuntu, Debian)

Release                              Status
Upstream                             Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)     Released (4.90.1-1ubuntu1.2)
Ubuntu 16.04 ESM (Xenial Xerus)      Not vulnerable (4.86.2-2ubuntu2.3)
Ubuntu 14.04 ESM (Trusty Tahr)       Not vulnerable (4.82-3ubuntu2.4)