CVE-2019-16928 - Vulnerability Details

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since March 3, 2022.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Exim	Exim
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2019/09/28/1
http://www.openwall.com/lists/oss-security/2019/09/28/2
http://www.openwall.com/lists/oss-security/2019/09/28/3
http://www.openwall.com/lists/oss-security/2019/09/28/4
https://bugs.exim.org/show_bug.cgi?id=2449
https://exim.org/static/doc/security/CVE-2019-16928.txt
https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/
https://nvd.nist.gov/vuln/detail/CVE-2019-16928
https://seclists.org/bugtraq/2019/Sep/60
https://security.gentoo.org/glsa/202003-47
https://usn.ubuntu.com/4141-1/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2019-16928
https://www.debian.org/security/2019/dsa-4536

History

Tue, 04 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-27T20:07:12.000Z

Updated: 2025-02-04T20:04:50.543Z

Reserved: 2019-09-27T00:00:00.000Z

Link: CVE-2019-16928

Vulnrichment

Updated: 2024-08-05T01:24:48.568Z

NVD

Status : Analyzed

Published: 2019-09-27T21:15:10.017

Modified: 2025-03-07T14:24:42.067

Link: CVE-2019-16928

Redhat

Severity : Critical

Publid Date: 2019-09-27T00:00:00Z

Links: CVE-2019-16928 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-20T20:06:16.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"tags": ["x_refsource_MISC"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"name": "DSA-4536", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4536"}, {"name": "USN-4141-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4141-1/"}, {"name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"name": "FEDORA-2019-006dfc94cd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"name": "FEDORA-2019-e080507ba5", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"name": "FEDORA-2019-d778bd4137", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"name": "GLSA-202003-47", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-47"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16928", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html", "refsource": "MISC", "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"name": "https://bugs.exim.org/show_bug.cgi?id=2449", "refsource": "MISC", "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"name": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f", "refsource": "MISC", "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"name": "DSA-4536", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4536"}, {"name": "USN-4141-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4141-1/"}, {"name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"name": "FEDORA-2019-006dfc94cd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"name": "FEDORA-2019-e080507ba5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"name": "FEDORA-2019-d778bd4137", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"name": "GLSA-202003-47", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-47"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:24:48.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"name": "DSA-4536", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4536"}, {"name": "USN-4141-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4141-1/"}, {"name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"name": "FEDORA-2019-006dfc94cd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"name": "FEDORA-2019-e080507ba5", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"name": "FEDORA-2019-d778bd4137", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"name": "GLSA-202003-47", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-47"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-16928", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T20:03:35.553352Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16928"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T20:04:50.543Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16928", "datePublished": "2019-09-27T20:07:12.000Z", "dateReserved": "2019-09-27T00:00:00.000Z", "dateUpdated": "2025-02-04T20:04:50.543Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://bugs.exim.org/show_bug.cgi?id=2449", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/1", "name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/2", "name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/3", "name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.debian.org/security/2019/dsa-4536", "name": "DSA-4536", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4141-1/", "name": "USN-4141-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/4", "name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/60", "name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/", "name": "FEDORA-2019-006dfc94cd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/", "name": "FEDORA-2019-e080507ba5", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/", "name": "FEDORA-2019-d778bd4137", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202003-47", "name": "GLSA-202003-47", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:24:48.568Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-16928", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T20:03:35.553352Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16928"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T20:03:18.338Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html", "tags": ["x_refsource_MISC"]}, {"url": "https://bugs.exim.org/show_bug.cgi?id=2449", "tags": ["x_refsource_MISC"]}, {"url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f", "tags": ["x_refsource_MISC"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/1", "name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/2", "name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/3", "name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.debian.org/security/2019/dsa-4536", "name": "DSA-4536", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://usn.ubuntu.com/4141-1/", "name": "USN-4141-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/4", "name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/60", "name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/", "name": "FEDORA-2019-006dfc94cd", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/", "name": "FEDORA-2019-e080507ba5", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/", "name": "FEDORA-2019-d778bd4137", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://security.gentoo.org/glsa/202003-47", "name": "GLSA-202003-47", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}], "descriptions": [{"lang": "en", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2020-03-20T20:06:16.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html", "name": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html", "refsource": "MISC"}, {"url": "https://bugs.exim.org/show_bug.cgi?id=2449", "name": "https://bugs.exim.org/show_bug.cgi?id=2449", "refsource": "MISC"}, {"url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f", "name": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f", "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/1", "name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/2", "name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/3", "name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2019/dsa-4536", "name": "DSA-4536", "refsource": "DEBIAN"}, {"url": "https://usn.ubuntu.com/4141-1/", "name": "USN-4141-1", "refsource": "UBUNTU"}, {"url": "http://www.openwall.com/lists/oss-security/2019/09/28/4", "name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST"}, {"url": "https://seclists.org/bugtraq/2019/Sep/60", "name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "refsource": "BUGTRAQ"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/", "name": "FEDORA-2019-006dfc94cd", "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/", "name": "FEDORA-2019-e080507ba5", "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/", "name": "FEDORA-2019-d778bd4137", "refsource": "FEDORA"}, {"url": "https://security.gentoo.org/glsa/202003-47", "name": "GLSA-202003-47", "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-16928", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2019-16928", "state": "PUBLISHED", "dateUpdated": "2025-02-04T20:04:50.543Z", "dateReserved": "2019-09-27T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2019-09-27T20:07:12.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-03-17", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Exim Out-of-bounds Write Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6833B54-69D3-428C-8D54-50FFDE6154D2", "versionEndIncluding": "4.92.2", "versionStartIncluding": "4.92", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}, {"lang": "es", "value": "Exim versiones 4.92 hasta 4.92.2, permite una ejecuci\u00f3n de c\u00f3digo remota, una vulnerabilidad diferente de CVE-2019-15846. Se presenta un desbordamiento del buffer basado en memoria din\u00e1mica (heap) en la funci\u00f3n string_vformat en el archivo string.c que implica un comando EHLO largo."}], "id": "CVE-2019-16928", "lastModified": "2025-03-07T14:24:42.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-09-27T21:15:10.017", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-47"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4141-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4141-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4536"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "exim: remotely triggerable buffer overflow in string_vformat()", "id": "1756930", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1756930"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-119->CWE-787", "details": ["Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.", "A heap-based buffer overflow flaw was found in Exim. The overflow can be triggered via specially crafted SMTP-protocol EHLO message, which may lead to unauthenticated remote code execution. It is thought that the execution of the remote code would be at the exim user level although execution as the root user cannot be ruled out."], "name": "CVE-2019-16928", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "exim", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-16928\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16928\nhttps://exim.org/static/doc/security/CVE-2019-16928.txt\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue did not affect Red Hat Enterprise Linux 5 as the exim package did not contain the vulnerable code in any of our supported products.", "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object