Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) prior to 3.36 and Exim 4 (exim4) prior to 4.21 may allow remote malicious users to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
| Vulnerable Product |
|---|
| university of cambridge exim 3.15 |
| university of cambridge exim 3.16 |
| university of cambridge exim 3.3.1 |
| university of cambridge exim 3.3.2 |
| university of cambridge exim 3.36 |
| university of cambridge exim 4.10 |
| university of cambridge exim 3.11 |
| university of cambridge exim 3.12 |
| university of cambridge exim 3.19 |
| university of cambridge exim 3.20 |
| university of cambridge exim 3.32 |
| university of cambridge exim 3.33 |
| university of cambridge exim 3.0 |
| university of cambridge exim 3.17 |
| university of cambridge exim 3.18 |
| university of cambridge exim 3.30 |
| university of cambridge exim 3.31 |
| university of cambridge exim 4.20 |
| university of cambridge exim 3.13 |
| university of cambridge exim 3.14 |
| university of cambridge exim 3.21 |
| university of cambridge exim 3.22 |
| university of cambridge exim 3.3 |
| university of cambridge exim 3.34 |
| university of cambridge exim 3.35 |