CVE-2010-4344

Published Dec 14, 2010

Last updated 16 days ago

Exploit known CVSS critical 9.8

Overview

Description: Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: Exim Heap-Based Buffer Overflow Vulnerability
Exploit added on: Mar 25, 2022
Exploit action due: Apr 15, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "814F64F6-15D3-443C-BC00-4BC1A8F89C8A",
            "versionEndExcluding": "4.70"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References