PublicDateAtUSN: 2021-05-04 13:30:00 UTC
Candidate: CVE-2020-28009
CRD: 2021-05-04 13:30:00 UTC
PublicDate: 2021-05-06 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009
 https://ubuntu.com/security/notices/USN-4934-1
 https://ubuntu.com/security/notices/USN-4934-2
Description:
 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because
 get_stdinput allows unbounded reads that are accompanied by unbounded
 increases in a certain size variable. NOTE: exploitation may be impractical
 because of the execution time needed to overflow (multiple days).
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_exim4:
upstream_exim4: needs-triage
precise/esm_exim4: DNE
trusty_exim4: ignored (out of standard support)
trusty/esm_exim4: released (4.82-3ubuntu2.4+esm3)
xenial_exim4: ignored (end of standard support, was needs-triage)
esm-infra/xenial_exim4: released (4.86.2-2ubuntu2.6+esm1)
bionic_exim4: released (4.90.1-1ubuntu1.8)
focal_exim4: released (4.93-13ubuntu1.5)
groovy_exim4: released (4.94-7ubuntu1.2)
hirsute_exim4: released (4.94-15ubuntu1.2)
impish_exim4: released (4.94-15ubuntu1.2)
jammy_exim4: released (4.94-15ubuntu1.2)
devel_exim4: released (4.94-15ubuntu1.2)