Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2003-0743

Published: 20/10/2003 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to University Of Cambridge

Vulnerability Summary

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) prior to 3.36 and Exim 4 (exim4) prior to 4.21 may allow remote malicious users to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.

Vulnerable Product Search on Vulmon Subscribe to Product

university of cambridge exim 3.15

university of cambridge exim 3.16

university of cambridge exim 3.3.1

university of cambridge exim 3.3.2

university of cambridge exim 3.36

university of cambridge exim 4.10

university of cambridge exim 3.11

university of cambridge exim 3.12

university of cambridge exim 3.19

university of cambridge exim 3.20

university of cambridge exim 3.32

university of cambridge exim 3.33

university of cambridge exim 3.0

university of cambridge exim 3.17

university of cambridge exim 3.18

university of cambridge exim 3.30

university of cambridge exim 3.31

university of cambridge exim 4.20

university of cambridge exim 3.13

university of cambridge exim 3.14

university of cambridge exim 3.21

university of cambridge exim 3.22

university of cambridge exim 3.3

university of cambridge exim 3.34

university of cambridge exim 3.35

Vendor Advisories

Debian Security Advisories: DSA-376-2 exim -- buffer overflow
A buffer overflow exists in exim, which is the standard mail transport agent in Debian By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap This vulnerability is not believed at this time to be exploitable to execute arbitrary code For the st ...

References

NVD-CWE-Otherhttp://www.debian.org/security/2003/dsa-376http://www.exim.org/pipermail/exim-announce/2003q3/000094.htmlhttp://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.htmlhttp://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.htmlhttp://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changeloghttp://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changeloghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735http://marc.info/?l=bugtraq&m=106252015820395&w=2http://marc.info/?l=vuln-dev&m=106264740820334&w=2https://nvd.nist.govhttps://www.debian.org/security/./dsa-376
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook