CVE-2020-28020

CVE-2020-28020

Name

CVE-2020-28020

Description

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt
Mailing List	http://www.openwall.com/lists/oss-security/2021/07/25/1
Mailing List	http://www.openwall.com/lists/oss-security/2021/08/03/1

Type

URI

MISC

https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt

Mailing List

http://www.openwall.com/lists/oss-security/2021/07/25/1

Mailing List

http://www.openwall.com/lists/oss-security/2021/08/03/1

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:exim:exim::::::::`	exim	>= 4.00:	< 4.94.2:
`cpe:2.3:a:exim:exim::::::::`	exim	>= 4.00	< 4.94.2
`cpe:2.3:a:exim:exim::::::::`	exim	>= 4.00	< 4.92

CPE URI

Source package

Min version

Max version

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*

exim

>= 4.00:

< 4.94.2:

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*

exim

>= 4.00

< 4.94.2

cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*

exim

>= 4.00

< 4.92

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
exim	edge-community	4.94.2-r1	Jesse Young <jlyo@jlyo.org>	fixed
exim	edge-community	4.94.2-r0	Jesse Young <jlyo@jlyo.org>	fixed
exim	edge-community	4.93-r1	None	possibly vulnerable
exim	edge-community	4.92.2-r1	None	possibly vulnerable
exim	edge-community	4.92.2-r0	None	possibly vulnerable
exim	edge-community	4.92.1-r0	None	possibly vulnerable
exim	edge-community	4.92-r0	None	possibly vulnerable
exim	edge-community	4.90.1-r0	None	possibly vulnerable
exim	edge-community	4.89.1-r0	None	possibly vulnerable
exim	edge-community	4.89-r7	None	possibly vulnerable
exim	edge-community	4.89-r5	None	possibly vulnerable
exim	3.22-community	4.94.2-r0	None	fixed
exim	3.22-community	4.93-r1	None	possibly vulnerable
exim	3.22-community	4.92.2-r1	None	possibly vulnerable
exim	3.22-community	4.92.2-r0	None	possibly vulnerable
exim	3.22-community	4.92.1-r0	None	possibly vulnerable
exim	3.22-community	4.92-r0	None	possibly vulnerable
exim	3.22-community	4.90.1-r0	None	possibly vulnerable
exim	3.22-community	4.89.1-r0	None	possibly vulnerable
exim	3.22-community	4.89-r7	None	possibly vulnerable
exim	3.22-community	4.89-r5	None	possibly vulnerable
exim	3.21-community	4.94.2-r0	None	fixed
exim	3.20-community	4.94.2-r0	None	fixed
exim	3.19-community	4.94.2-r0	None	fixed
exim	3.18-community	4.94.2-r0	None	fixed
exim	3.17-community	4.94.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

exim

edge-community

4.94.2-r1

Jesse Young <jlyo@jlyo.org>

fixed

exim

edge-community