CVE-2020-12783
Description
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.448
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| exim4 security update(DSA-4687-1) exim4_4.89-2+deb9u7_all.deb | Linux |
| exim4 security update(DSA-4687-1) exim4_4.92-8+deb10u4_all.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-base_4.93-13ubuntu1.1_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-base_4.86.2-2ubuntu2.6_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-base_4.86.2-2ubuntu2.6_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-base_4.90.1-1ubuntu1.5_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-base_4.90.1-1ubuntu1.5_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-base_4.92.1-1ubuntu3.1_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-base_4.92.1-1ubuntu3.1_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4_4.82-3ubuntu2_all.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4_4.82-3ubuntu2.3_all.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4_4.82-3ubuntu2.4_all.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-heavy_4.93-13ubuntu1.1_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-heavy_4.86.2-2ubuntu2.6_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-heavy_4.86.2-2ubuntu2.6_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-heavy_4.90.1-1ubuntu1.5_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-heavy_4.90.1-1ubuntu1.5_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-heavy_4.92.1-1ubuntu3.1_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-heavy_4.92.1-1ubuntu3.1_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-light_4.93-13ubuntu1.1_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-light_4.86.2-2ubuntu2.6_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-light_4.86.2-2ubuntu2.6_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-light_4.90.1-1ubuntu1.5_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-light_4.90.1-1ubuntu1.5_amd64.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-light_4.92.1-1ubuntu3.1_i386.deb | Linux |
| Exim is a mail transport agent (USN-4366-1) exim4-daemon-light_4.92.1-1ubuntu3.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234