oss-sec mailing list archives
Re: Exim < 4.95 heap overflow
From: Stuart Henderson <sthen () openbsd org>
Date: Sun, 7 Aug 2022 11:41:12 +0100
On 2022/08/06 22:46, Evgeny Legerov wrote:
Hi, Here is another bug which has been silently fixed in Exim. It has not been recognized as a security issue, many distros still don't have this patch. Original report + patch is here - https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 Analysis of the bug - https://github.com/ivd38/exim_overflow I don't post here because it is huge snippet of code.
As a reader, I would much rather have a self-contained list post with a huge snippet of code, than a link to an external source. But in this case it isn't huge at all; the entire contents of https://github.com/ivd38/exim_overflow (README.md, exim.conf, asan.log) are certainly short enough for a list post.
Current thread:
- Exim < 4.95 heap overflow Evgeny Legerov (Aug 06)
- Re: Exim < 4.95 heap overflow John Helmert III (Aug 07)
- Re: Exim < 4.95 heap overflow Roxana Bradescu (Aug 07)
- Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Graeme Fowler (Aug 10)
- Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Roxana Bradescu (Aug 12)
- Re: Exim < 4.95 heap overflow Roxana Bradescu (Aug 07)
- Re: Exim < 4.95 heap overflow John Helmert III (Aug 07)
- Re: Exim < 4.95 heap overflow Stuart Henderson (Aug 07)