CVE-2012-5671

  • Severity Score: 6.8 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-10-24 CVE Reserved
  • 2012-10-26 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-09-26 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product  Version  Other  Status
Exim    Exim     4.70     -      Affected
Exim    Exim     4.71     -      Affected
Exim    Exim     4.72     -      Affected
Exim    Exim     4.73     -      Affected
Exim    Exim     4.74     -      Affected
Exim    Exim     4.75     -      Affected
Exim    Exim     4.76     -      Affected
Exim    Exim     4.77     -      Affected
Exim    Exim     4.80     -      Affected