oss-sec mailing list archives
Re: Exim < 4.95 heap overflow
From: John Helmert III <ajak () gentoo org>
Date: Sat, 6 Aug 2022 15:59:14 -0500
On Sat, Aug 06, 2022 at 10:46:42PM +0300, Evgeny Legerov wrote:
Hi, Here is another bug which has been silently fixed in Exim. It has not been recognized as a security issue, many distros still don't have this patch.
Why do you say it hasn't been recognized as a security issue? Distros don't usually have a way of knowing about a vulnerability that needs patching without a CVE. Have you requested a CVE?
Original report + patch is here - https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743
That commit does not seem like an original report.
Analysis of the bug - https://github.com/ivd38/exim_overflow I don't post here because it is huge snippet of code. regards, -e
Attachment:
signature.asc
Description:
Current thread:
- Exim < 4.95 heap overflow Evgeny Legerov (Aug 06)
- Re: Exim < 4.95 heap overflow John Helmert III (Aug 07)
- Re: Exim < 4.95 heap overflow Roxana Bradescu (Aug 07)
- Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Graeme Fowler (Aug 10)
- Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Roxana Bradescu (Aug 12)
- Re: Exim < 4.95 heap overflow Roxana Bradescu (Aug 07)
- Re: Exim < 4.95 heap overflow John Helmert III (Aug 07)
- Re: Exim < 4.95 heap overflow Stuart Henderson (Aug 07)