FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Exim -- heap-based buffer overflow in string_vformat leading to RCE

Affected packages
4.92 <= exim < 4.92.3

Details

VuXML ID e917caba-e291-11e9-89f1-152fed202bb7
Discovery 2019-09-28
Entry 2019-09-29

Exim developers team report:

There is a heap overflow in string_vformat().Using a EHLO message, remote code execution seems to be possible.

References

URL https://www.openwall.com/lists/oss-security/2019/09/28/1