Exim security update-CVE-2019-16928

March 14, 2022

NAME

EximExim

  • Platforms Affected:
    Exim

  • Risk Level:
    medium

  • CVE Type:
    Buffer overflow

DESCRIPTION

CVE-2019-16928 is a buffer overflow vulnerability impacting Exim versions 4.92 through 4.92.2. A proof of concept (PoC) was observed in open source. Security researchers at the Cybersecurity and Infrastructure Security Agency (CISA) claimed the vulnerability was actively exploited in the wild.

CVSS Information:

  • CVSS 2.0 SCORE: 7.5
  • CVSS 3.0 SCORE: 9.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://bugs[.]exim[.]org/show_bug[.]cgi?id=2449

MITIGATION

The vendor addressed the vulnerability in a security update with an updated version.

  • Reference Link:
    https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2
Tags: , ,

You may have missed

BianLian

BianLian Ransomware Victim: Optometric Physicians of Middle Tennessee

April 26, 2024
ransomhouse 1

RansomHouse Ransomware Victim: Hirsh Industries

April 26, 2024
CISA Logo

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

April 26, 2024
CISA Logo

CISA: CISA and Partners Release Advisory on Akira Ransomware

April 26, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 26, 2024