CVE-2019-16928 (retired)

Priority
Description
Exim 4.92 through 4.92.2 allows remote code execution, a different
vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in
string_vformat in string.c involving a long EHLO command.
Assigned-to
mdeslaur
Notes
mdeslaur: 4.92 and higher only
Package
Source: exim4 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 19.04 (Disco Dingo): released (4.92-4ubuntu1.4)
Ubuntu 19.10 (Eoan): released (4.92.1-1ubuntu3)
Patches:
Upstream: https://git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f
More Information

Updated: 2019-10-09 08:05:21 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)