ALAS-2021-1497 --- exim

ID: oval:org.secpod.oval:def:1601435 | Date: (C)2021-05-11 (M)2022-10-12
Class: PATCH | Family: unix

Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.

Prior versions of Exim 4 allowed Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.

Prior versions of Exim 4 allowed Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.

Prior versions of Exim 4 have Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file via AUTH= in a MAIL FROM command.

Platform: Amazon Linux AMI