CVE-2014-2972

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
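
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.6 UNKNOWN | LOCAL | LOW | | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| certcc | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |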

EPSS Score Percentile: 44%

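| Vendor | Product | Version |
|---|---|---|
| exim | exim | 𝑥 ≤ 4.82.1 |
| exim | exim | 4.00 |
| exim | exim | 4.01 |
| exim | exim | 4.02 |
| exim | exim | 4.03 |
| exim | exim | 4.04 |
| exim | exim | 4.05 |
| exim | exim | 4.10 |
| exim | exim | 4.11 |
| exim | exim | 4.12 |
| exim | exim | 4.14 |
| exim | exim | 4.20 |
| exim | exim | 4.21 |
| exim | exim | 4.22 |
| exim | exim | 4.23 |
| exim | exim | 4.24 |
| exim | exim | 4.30 |
| exim | exim | 4.31 |
| exim | exim | 4.32 |
| exim | exim | 4.33 |
| exim | exim | 4.34 |
| exim | exim | 4.40 |
| exim | exim | 4.41 |
| exim | exim | 4.42 |
| exim | exim | 4.43 |
| exim | exim | 4.44 |
| exim | exim | 4.50 |
| exim | exim | 4.51 |
| exim | exim | 4.52 |
| exim | exim | 4.53 |
| exim | exim | 4.54 |
| exim | exim | 4.60 |
| exim | exim | 4.61 |
| exim | exim | 4.62 |
| exim | exim | 4.63 |
| exim | exim | 4.64 |
| exim | exim | 4.65 |
| exim | exim | 4.66 |
| exim | exim | 4.67 |
| exim | exim | 4.68 |
| exim | exim | 4.69 |
| exim | exim | 4.70 |
| exim | exim | 4.71 |
| exim | exim | 4.72 |
| exim | exim | 4.73 |
| exim | exim | 4.74 |
| exim | exim | 4.75 |
| exim | exim | 4.76 |
| exim | exim | 4.77 |
| exim | exim | 4.80 |
| exim | exim | 4.80.1 |
| exim | exim | 4.82 |

𝑥 = Vulnerable software versions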
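
Debian Releases

| Debian Product | Codename | | |
|---|---|---|---|
| exim4 | bullseye | 4.94.2-7+deb11u3 | fixed |
| exim4 | squeeze | | no-dsa |
| exim4 | bullseye (security) | 4.94.2-7+deb11u4 | fixed |
| exim4 | bookworm | 4.96-15+deb12u5 | fixed |
| exim4 | bookworm (security) | 4.96-15+deb12u5 | fixed |
| exim4 | sid | 4.98-2 | fixed |
| exim4 | trixie | 4.98-2 | fixed |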
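
Ubuntu Releases

| Ubuntu Product | Codename | | |
|---|---|---|---|
| exim4 | wily | | not-affected |
| exim4 | vivid | | not-affected |
| exim4 | utopic | | not-affected |
| exim4 | trusty | Fixed 4.82-3ubuntu2.1 | released |
| exim4 | precise | Fixed 4.76-3ubuntu3.3 | released |
| exim4 | lucid | | ignored |
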
Common Weakness Enumeration