{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-26T19:30:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://exim.org/static/doc/security/CVE-2019-15846.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2019/09/06/1"}, {"name": "[debian-lts-announce] 20190906 [SECURITY] [DLA 1911-1] exim4 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html"}, {"name": "20190906 [SECURITY] [DSA 4517-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/13"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/2"}, {"name": "DSA-4517", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4517"}, {"name": "USN-4124-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4124-1/"}, {"name": "VU#672565", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/672565"}, {"name": "[oss-security] 20190906 Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/6"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/4"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/5"}, {"name": "GLSA-201909-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201909-06"}, {"name": "[oss-security] 20190906 Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/8"}, {"name": "[oss-security] 20190907 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/07/1"}, {"name": "[oss-security] 20190906 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/07/2"}, {"name": "FEDORA-2019-ae361e20c2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/"}, {"name": "FEDORA-2019-467fcbb10a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/"}, {"name": "[oss-security] 20190908 Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/08/1"}, {"name": "[oss-security] 20190909 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/09/1"}, {"name": "openSUSE-SU-2019:2093", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html"}, {"name": "FEDORA-2019-1ed7bbb09c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/"}, {"name": "USN-4124-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4124-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://exim.org/static/doc/security/CVE-2019-15846.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15846", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://exim.org/static/doc/security/CVE-2019-15846.txt", "refsource": "MISC", "url": "http://exim.org/static/doc/security/CVE-2019-15846.txt"}, {"name": "https://www.openwall.com/lists/oss-security/2019/09/06/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/09/06/1"}, {"name": "[debian-lts-announce] 20190906 [SECURITY] [DLA 1911-1] exim4 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html"}, {"name": "20190906 [SECURITY] [DSA 4517-1] exim4 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/13"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/2"}, {"name": "DSA-4517", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4517"}, {"name": "USN-4124-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4124-1/"}, {"name": "VU#672565", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/672565"}, {"name": "[oss-security] 20190906 Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/6"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/4"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/5"}, {"name": "GLSA-201909-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-06"}, {"name": "[oss-security] 20190906 Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/8"}, {"name": "[oss-security] 20190907 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/07/1"}, {"name": "[oss-security] 20190906 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/07/2"}, {"name": "FEDORA-2019-ae361e20c2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/"}, {"name": "FEDORA-2019-467fcbb10a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/"}, {"name": "[oss-security] 20190908 Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/08/1"}, {"name": "[oss-security] 20190909 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/09/1"}, {"name": "openSUSE-SU-2019:2093", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html"}, {"name": "FEDORA-2019-1ed7bbb09c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/"}, {"name": "USN-4124-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4124-2/"}, {"name": "https://exim.org/static/doc/security/CVE-2019-15846.txt", "refsource": "MISC", "url": "https://exim.org/static/doc/security/CVE-2019-15846.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://exim.org/static/doc/security/CVE-2019-15846.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2019/09/06/1"}, {"name": "[debian-lts-announce] 20190906 [SECURITY] [DLA 1911-1] exim4 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html"}, {"name": "20190906 [SECURITY] [DSA 4517-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/13"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/2"}, {"name": "DSA-4517", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4517"}, {"name": "USN-4124-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4124-1/"}, {"name": "VU#672565", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/672565"}, {"name": "[oss-security] 20190906 Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/6"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/4"}, {"name": "[oss-security] 20190906 Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/5"}, {"name": "GLSA-201909-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201909-06"}, {"name": "[oss-security] 20190906 Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/8"}, {"name": "[oss-security] 20190907 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/07/1"}, {"name": "[oss-security] 20190906 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/07/2"}, {"name": "FEDORA-2019-ae361e20c2", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/"}, {"name": "FEDORA-2019-467fcbb10a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/"}, {"name": "[oss-security] 20190908 Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/08/1"}, {"name": "[oss-security] 20190909 Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/09/1"}, {"name": "openSUSE-SU-2019:2093", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html"}, {"name": "FEDORA-2019-1ed7bbb09c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/"}, {"name": "USN-4124-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4124-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exim.org/static/doc/security/CVE-2019-15846.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15846", "datePublished": "2019-09-06T10:15:43", "dateReserved": "2019-09-02T00:00:00", "dateUpdated": "2024-08-05T01:03:32.314Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "matchCriteriaId": "317A4081-5E80-4ECE-945C-5AF6BD9D7E02", "versionEndExcluding": "4.92.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash."}, {"lang": "es", "value": "Exim versiones anteriores a 4.92.2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario como root por medio de una barra invertida al final de una URL."}], "id": "CVE-2019-15846", "lastModified": "2024-11-21T04:29:36.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-06T11:15:11.620", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://exim.org/static/doc/security/CVE-2019-15846.txt"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/4"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/5"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/8"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/07/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/07/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/08/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/09/09/1"}, {"source": "cve@mitre.org", "url": "https://exim.org/static/doc/security/CVE-2019-15846.txt"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/13"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-06"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4124-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4124-2/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2019/dsa-4517"}, {"source": "cve@mitre.org", "url": "https://www.kb.cert.org/vuls/id/672565"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2019/09/06/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://exim.org/static/doc/security/CVE-2019-15846.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/07/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/08/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/09/09/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exim.org/static/doc/security/CVE-2019-15846.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4124-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4124-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2019/dsa-4517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/672565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2019/09/06/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Exim project for reporting this issue. Upstream acknowledges Qualys and Zerons as the original reporters.", "bugzilla": {"description": "exim: out-of-bounds access in string_interpret_escape() leading to buffer overflow in the SMTP delivery process", "id": "1748397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748397"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-119->CWE-787", "details": ["Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.", "An out-of-bounds write flaw was found in exim. The function fails to correctly handle situations when a backslash is the last character of the input string and incorrectly sets the pointer that is supposed to point to the last character of the escape sequence upon function exit. That leads to out-of-bounds read when the caller attempts to process the input string following the escape sequence. Additionally, this may lead to out-of-bounds write when unescaped string is written (to the same or different buffer)."], "name": "CVE-2019-15846", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "impact": "moderate", "package_name": "exim", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-09-06T10:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-15846\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15846\nhttps://exim.org/static/doc/security/CVE-2019-15846.txt"], "statement": "The flaw in the string_interpret_escape() function exists in the versions of Exim as shipped with Red Hat Enterprise Linux 5. However, it is not exposed to untrusted inputs and therefore it can not be exploited to achieve remote code execution. Refer to Red Hat Bugzilla bug 1748397 for further technical details: https://bugzilla.redhat.com/show_bug.cgi?id=1748397#c6\nExim mail server is not shipped with Red Hat Enterprise Linux 6, 7, and 8.", "threat_severity": "Critical", "upstream_fix": "exim 4.92.2"}