Vulnerability Details CVE-2020-28018
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.64
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2021/05/11/14
- http://www.openwall.com/lists/oss-security/2021/05/11/15
- http://www.openwall.com/lists/oss-security/2021/05/11/17
- http://www.openwall.com/lists/oss-security/2021/05/11/5
- http://www.openwall.com/lists/oss-security/2021/05/11/6
- http://www.openwall.com/lists/oss-security/2021/05/12/2
- http://www.openwall.com/lists/oss-security/2021/05/12/3
- https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt
- http://www.openwall.com/lists/oss-security/2021/05/11/14
- http://www.openwall.com/lists/oss-security/2021/05/11/15
- http://www.openwall.com/lists/oss-security/2021/05/11/17
- http://www.openwall.com/lists/oss-security/2021/05/11/5
- http://www.openwall.com/lists/oss-security/2021/05/11/6
- http://www.openwall.com/lists/oss-security/2021/05/12/2
- http://www.openwall.com/lists/oss-security/2021/05/12/3
- https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt
Products affected by CVE-2020-28018
-
cpe:2.3:a:exim:exim:4.90
-
cpe:2.3:a:exim:exim:4.90.0.22
-
cpe:2.3:a:exim:exim:4.90.0.27
-
cpe:2.3:a:exim:exim:4.90.1
-
cpe:2.3:a:exim:exim:4.91
-
cpe:2.3:a:exim:exim:4.92
-
cpe:2.3:a:exim:exim:4.92.1
-
cpe:2.3:a:exim:exim:4.92.2
-
cpe:2.3:a:exim:exim:4.93
-
cpe:2.3:a:exim:exim:4.93.0.4
-
cpe:2.3:a:exim:exim:4.93.0.4-3.1
-
cpe:2.3:a:exim:exim:4.94
-
cpe:2.3:a:exim:exim:4.94.1