CVE-2019-16928
Published: 28 September 2019
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
exim4 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code not present)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code not present)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(code not present)
|
|
Patches: Upstream: https://git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f |