CVSS: 9.8EPSS: 76%CPEs: 3EXPL: 3CVE-2017-16943 – Ubuntu Security Notice USN-3493-1
https://notcve.org/view.php?id=CVE-2017-16943
25 Nov 2017 — The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. La función receive_msg en receive.c en el demonio SMTP en Exim 4.88 y 4.89 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante vectores relacionados con comandos BDAT. It was discovered that Exim incorrectly h... • https://github.com/beraphin/CVE-2017-16943 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 75%CPEs: 3EXPL: 3CVE-2017-16944 – Exim 4.89 - 'BDAT' Denial of Service
https://notcve.org/view.php?id=CVE-2017-16944
25 Nov 2017 — The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. La función receive_msg en receive.c en el demonio SMTP en Exim 4.88 y 4.89 permite que atacantes remotos provoquen una denegación de servicio (bucle infinito y agotamiento de pila) mediante vecto... • https://packetstorm.news/files/id/145152 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1000369 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000369
19 Jun 2017 — Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Exim es compatible con el uso de múltiples argumentos de líneas de... • http://www.debian.org/security/2017/dsa-3888 • CWE-404: Improper Resource Shutdown or Release •