CVE Vulnerabilities

CVE-2003-0743

Published: Oct 20, 2003 | Modified: Oct 18, 2016
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.

Affected Software

Name Vendor Start Version End Version
Exim University_of_cambridge 3.0 3.0
Exim University_of_cambridge 3.3 3.3
Exim University_of_cambridge 3.3.1 3.3.1
Exim University_of_cambridge 3.3.2 3.3.2
Exim University_of_cambridge 3.11 3.11
Exim University_of_cambridge 3.12 3.12
Exim University_of_cambridge 3.13 3.13
Exim University_of_cambridge 3.14 3.14
Exim University_of_cambridge 3.15 3.15
Exim University_of_cambridge 3.16 3.16
Exim University_of_cambridge 3.17 3.17
Exim University_of_cambridge 3.18 3.18
Exim University_of_cambridge 3.19 3.19
Exim University_of_cambridge 3.20 3.20
Exim University_of_cambridge 3.21 3.21
Exim University_of_cambridge 3.22 3.22
Exim University_of_cambridge 3.30 3.30
Exim University_of_cambridge 3.31 3.31
Exim University_of_cambridge 3.32 3.32
Exim University_of_cambridge 3.33 3.33
Exim University_of_cambridge 3.34 3.34
Exim University_of_cambridge 3.35 3.35
Exim University_of_cambridge 3.36 3.36
Exim University_of_cambridge 4.10 4.10
Exim University_of_cambridge 4.20 4.20
