CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-16928

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score48.0980%
EPSS Percentile93.37th
Published2019年9月27日
Last Modified2025年11月7日

Vulnerability Description

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

Affected Platforms (CPE)

📦
Exim

Exim

>= 4.92 and <= 4.92.2
💻
Canonical

Ubuntu Linux

= 19.04
💻
Debian

Debian Linux

= 10.0
💻
Fedoraproject

Fedora

= 29
💻
Fedoraproject

Fedora

= 30
💻
Fedoraproject

Fedora

= 31

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2019/09/28/1
🔗 http://www.openwall.com/lists/oss-security/2019/09/28/2
🔗 http://www.openwall.com/lists/oss-security/2019/09/28/3
🔗 http://www.openwall.com/lists/oss-security/2019/09/28/4
🔗 https://bugs.exim.org/show_bug.cgi?id=2449
🔗 https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
🔗 https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/

関連する脆弱性情報

CVE-2019-101499.8

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function...

CVE-2019-139179.8

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }...

CVE-2019-158469.8

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

CVE-2020-260989.8

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).