PublicDateAtUSN: 2021-05-04 13:30:00 UTC
Candidate: CVE-2020-28019
CRD: 2021-05-04 13:30:00 UTC
PublicDate: 2021-05-06 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019
 https://ubuntu.com/security/notices/USN-4934-1
Description:
 Exim 4 before 4.94.2 has Improper Initialization that can lead to
 recursion-based stack consumption or other consequences. This occurs
 because use of certain getc functions is mishandled when a client uses
 BDAT instead of DATA.
Ubuntu-Description:
Notes:
 leosilva> trusty/xenial ESM not affected.
 leosilva> vulnerability was introduced by:
  https://git.exim.org/exim.git/patch/7e3ce68e68ab9b8906a637d352993abf361554e2
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_exim4:
upstream_exim4: needs-triage
precise/esm_exim4: DNE
trusty_exim4: ignored (out of standard support)
trusty/esm_exim4: not-affected
xenial_exim4: ignored (end of standard support, was needs-triage)
esm-infra/xenial_exim4: not-affected
bionic_exim4: released (4.90.1-1ubuntu1.8)
focal_exim4: released (4.93-13ubuntu1.5)
groovy_exim4: released (4.94-7ubuntu1.2)
hirsute_exim4: released (4.94-15ubuntu1.2)
impish_exim4: released (4.94-15ubuntu1.2)
jammy_exim4: released (4.94-15ubuntu1.2)
devel_exim4: released (4.94-15ubuntu1.2)