{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-20T20:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"tags": ["x_refsource_MISC"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"name": "DSA-4536", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4536"}, {"name": "USN-4141-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4141-1/"}, {"name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"name": "FEDORA-2019-006dfc94cd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"name": "FEDORA-2019-e080507ba5", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"name": "FEDORA-2019-d778bd4137", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"name": "GLSA-202003-47", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-47"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16928", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html", "refsource": "MISC", "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"name": "https://bugs.exim.org/show_bug.cgi?id=2449", "refsource": "MISC", "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"name": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f", "refsource": "MISC", "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"name": "DSA-4536", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4536"}, {"name": "USN-4141-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4141-1/"}, {"name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"name": "FEDORA-2019-006dfc94cd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"name": "FEDORA-2019-e080507ba5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"name": "FEDORA-2019-d778bd4137", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"name": "GLSA-202003-47", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-47"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:24:48.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"name": "[oss-security] 20190928 Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"name": "[oss-security] 20190928 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"name": "DSA-4536", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4536"}, {"name": "USN-4141-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4141-1/"}, {"name": "[oss-security] 20190929 Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"name": "20190929 [SECURITY] [DSA 4536-1] exim4 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"name": "FEDORA-2019-006dfc94cd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"name": "FEDORA-2019-e080507ba5", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"name": "FEDORA-2019-d778bd4137", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"name": "GLSA-202003-47", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-47"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16928", "datePublished": "2019-09-27T20:07:12", "dateReserved": "2019-09-27T00:00:00", "dateUpdated": "2024-08-05T01:24:48.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-03-17", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Exim Out-of-bounds Write Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6833B54-69D3-428C-8D54-50FFDE6154D2", "versionEndIncluding": "4.92.2", "versionStartIncluding": "4.92", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."}, {"lang": "es", "value": "Exim versiones 4.92 hasta 4.92.2, permite una ejecuci\u00f3n de c\u00f3digo remota, una vulnerabilidad diferente de CVE-2019-15846. Se presenta un desbordamiento del buffer basado en memoria din\u00e1mica (heap) en la funci\u00f3n string_vformat en el archivo string.c que implica un comando EHLO largo."}], "id": "CVE-2019-16928", "lastModified": "2024-11-21T04:31:21.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-27T21:15:10.017", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-47"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4141-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.exim.org/show_bug.cgi?id=2449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4141-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4536"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "exim: remotely triggerable buffer overflow in string_vformat()", "id": "1756930", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1756930"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-119->CWE-787", "details": ["Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.", "A heap-based buffer overflow flaw was found in Exim. The overflow can be triggered via specially crafted SMTP-protocol EHLO message, which may lead to unauthenticated remote code execution. It is thought that the execution of the remote code would be at the exim user level although execution as the root user cannot be ruled out."], "name": "CVE-2019-16928", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "exim", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-16928\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16928\nhttps://exim.org/static/doc/security/CVE-2019-16928.txt\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue did not affect Red Hat Enterprise Linux 5 as the exim package did not contain the vulnerable code in any of our supported products.", "threat_severity": "Critical", "upstream_fix": "exim 4.92.3"}