CVE-2017-16944
Description
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
76.366
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Exim4 4.88-5ubuntu1 for Ubuntu 17.04 (x64) exim4_4.88-5ubuntu1.3_all.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-heavy_4.88-5ubuntu1.3_i386.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-heavy_4.88-5ubuntu1.3_amd64.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-heavy_4.89-5ubuntu1.2_i386.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-heavy_4.89-5ubuntu1.2_amd64.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-light_4.88-5ubuntu1.3_i386.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-light_4.88-5ubuntu1.3_amd64.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-light_4.89-5ubuntu1.2_i386.deb | Linux |
| Linux kernel (LSN-0032-2) exim4-daemon-light_4.89-5ubuntu1.2_amd64.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-heavy_4.88-5ubuntu1.3_amd64.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-heavy_4.88-5ubuntu1.3_i386.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-heavy_4.89-5ubuntu1.2_amd64.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-heavy_4.89-5ubuntu1.2_i386.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-light_4.88-5ubuntu1.3_amd64.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-light_4.88-5ubuntu1.3_i386.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-light_4.89-5ubuntu1.2_amd64.deb | Linux |
| Exim is a mail transport agent (USN-3499-1) exim4-daemon-light_4.89-5ubuntu1.2_i386.deb | Linux |
| exim4 security update(DSA-4053-1) exim4_4.89-2+deb9u2_all.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234