CVE-2019-16928

Published: 28 September 2019

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

Notes

Author: mdeslaur
Note: 4.92 and higher only

Priority: Medium

CVSS 3 base score: 9.8

Status

Package: exim4 (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code not present)
disco      Released (4.92-4ubuntu1.4)
precise    Does not exist
trusty     Not vulnerable (code not present)
upstream   Needs triage
xenial     Not vulnerable (code not present)

Patches:
upstream: https://git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f