CVE-2020-12783

Published: 11 May 2020

Exim through 4.93 has an out-of-bounds read in the SPA authenticator (auths/spa.c and auths/auth-spa.c) that could result in SPA/NTLM authentication bypass.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package  Release                            Status
exim4    Upstream                           Released (4.93-16)
exim4    Ubuntu 20.04 LTS (Focal Fossa)     Released (4.93-13ubuntu1.1)
exim4    Ubuntu 18.04 LTS (Bionic Beaver)   Released (4.90.1-1ubuntu1.5)
exim4    Ubuntu 16.04 ESM (Xenial Xerus)    Released (4.86.2-2ubuntu2.6)
exim4    Ubuntu 14.04 ESM (Trusty Tahr)     Released (4.82-3ubuntu2.4+esm2)

Patches:
Upstream: https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
Upstream: https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0