Base Score

CRITICAL9.8

CVE-2022-37452

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 07, 2022, 18:15

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743
https://github.com/Exim/exim/compare/exim-4.94...exim-4.95
https://github.com/Exim/exim/wiki/EximSecurity
https://github.com/ivd38/exim_overflow
https://lists.debian.org/debian-lts-announce/2022/08/msg00014.html
https://www.exim.org/static/doc/security/
https://www.openwall.com/lists/oss-security/2022/08/06/8

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH