Rewterz Threat Advisory – CVE-2019-16928 – Exim string_vformat function buffer overflow Vulnerability

Severity

Medium

Analysis Summary

Exim is vulnerable to a heap-based buffer overflow caused by improper bounds checking in the string_vformat function in string.c. By sending an overly long EHLO string, a remote attacker could overflow a buffer and execute arbitrary code on the system.

Impact

Unauthorized Access

Affected Vendors

Exim

Affected Products

  • Exim Exim 4.92
  • Exim Exim 4.92.1
  • Exim Exim 4.92.2

Remediation

Upgrade to the latest version of Exim (4.92.3 or later)
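
Until the upgrade is in place, captured SMTP sessions can be checked for the overly long EHLO strings described in the Analysis Summary. The following detection sketch is an added example, not code from Rewterz or the Exim project; it uses the RFC 5321 size limits as heuristic thresholds because the advisory does not state a triggering length, and the function name and sample sessions are constructed for illustration.

```python
import re

# RFC 5321 size limits, used here as heuristic thresholds (assumption: the
# advisory does not state the length needed to trigger the overflow).
MAX_CMD_LINE = 510   # 512-octet command line minus the CRLF terminator
MAX_DOMAIN = 255     # longest valid domain argument

GREETING = re.compile(rb"(EHLO|HELO)(?:[ \t]+(.*))?", re.IGNORECASE | re.DOTALL)

def oversized_greetings(client_stream: bytes):
    """Scan the client-to-server bytes of one SMTP session and return
    (verb, argument_length, line_length) for each over-limit EHLO/HELO."""
    findings = []
    in_body = False
    for raw in client_stream.split(b"\r\n"):
        if in_body:
            # Message content is not a command; a lone "." ends it.
            in_body = raw != b"."
            continue
        if raw.strip().upper() == b"DATA":
            in_body = True   # assumes the server accepted DATA
            continue
        m = GREETING.fullmatch(raw)
        if not m:
            continue
        arg = m.group(2) or b""
        if len(arg) > MAX_DOMAIN or len(raw) > MAX_CMD_LINE:
            findings.append((m.group(1).upper().decode(), len(arg), len(raw)))
    return findings

# Constructed sample sessions (not real traffic).
NORMAL = (b"EHLO mail.example.org\r\nMAIL FROM:<a@example.org>\r\n"
          b"RCPT TO:<b@example.net>\r\nDATA\r\nEHLO " + b"x" * 600 +
          b"\r\n.\r\nQUIT\r\n")
SUSPECT = b"ehlo " + b"A" * 300 + b"\r\nQUIT\r\n"

if __name__ == "__main__":
    for name, stream in (("NORMAL", NORMAL), ("SUSPECT", SUSPECT)):
        print(name, oversized_greetings(stream))
```

A hit indicates a greeting outside protocol limits and is a lead for review, not proof of an exploitation attempt.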