CVE-2012-5671
Published Oct 31, 2012
Last updated 7 years ago
Overview
- Description
- Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "452E9C94-B7FF-40A9-A7F9-FC38824F6135"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8EB3709-D51F-46D1-99B8-CFB4C2275077"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBDB2156-072B-4392-9DC8-266FF1B8C7A4"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02F8A053-4578-4C45-A193-C188E45ED010"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5DC11D6-F67F-40A8-B8BF-2E76DD2F9091"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5854CAF2-1587-4B91-9F9B-E2C57C22C426"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24D504C3-139D-4627-BD72-B6B46B360CE6"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF796BE5-380B-4DBF-A4FF-4CDF98B69C97"
},
{
"criteria": "cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6526E201-30CC-4C12-B2B4-06EBA663D39F"
}
],
"operator": "OR"
}
]
}
]