PublicDateAtUSN: 2021-05-04 13:30:00 UTC
Candidate: CVE-2020-28023
CRD: 2021-05-04 13:30:00 UTC
PublicDate: 2021-05-06 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023
 https://ubuntu.com/security/notices/USN-4934-1
Description:
 Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
Ubuntu-Description:
Notes:
 leosilva> trusty/xenial ESM not-affected code not present
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_exim4:
upstream_exim4: needs-triage
precise/esm_exim4: DNE
trusty_exim4: ignored (out of standard support)
trusty/esm_exim4: not-affected (code not present)
xenial_exim4: ignored (end of standard support, was needs-triage)
esm-infra/xenial_exim4: not-affected (code not present)
bionic_exim4: released (4.90.1-1ubuntu1.8)
focal_exim4: released (4.93-13ubuntu1.5)
groovy_exim4: released (4.94-7ubuntu1.2)
hirsute_exim4: released (4.94-15ubuntu1.2)
impish_exim4: released (4.94-15ubuntu1.2)
jammy_exim4: released (4.94-15ubuntu1.2)
devel_exim4: released (4.94-15ubuntu1.2)