
CVE-2022-37452

Published: 7 August 2022

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: exim4 (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (4.90.1-1ubuntu1.9)
focal      Released (4.93-13ubuntu1.6)
jammy      Not vulnerable (4.95-4ubuntu2.1)
trusty     Released (4.82-3ubuntu2.4+esm4)
upstream   Released (4.94.2-5)
xenial     Released (4.86.2-2ubuntu2.6+esm2)

Patches:
upstream: https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743