CVE-2019-16928

Priority
Description
Exim 4.92 through 4.92.2 allows remote code execution, a different
vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in
string_vformat in string.c involving a long EHLO command.
Assigned-to
mdeslaur
Notes
mdeslaur: 4.92 and higher only
Package
Source: exim4 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine): released (4.92.1-1ubuntu3)
Patches:
Upstream: https://git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f

Updated: 2020-01-29 20:05:02 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)