CVE-2020-12783 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Vendor	Product	Version
exim	exim	𝑥 ≤ 4.93
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
canonical	ubuntu_linux	20.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

exim4

bullseye	4.94.2-7+deb11u3 fixed
bullseye (security)	4.94.2-7+deb11u4 fixed
bookworm	4.96-15+deb12u5 fixed
bookworm (security)	4.96-15+deb12u5 fixed
sid	4.98-2 fixed
trixie	4.98-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

exim4

focal	Fixed 4.93-13ubuntu1.1 released
eoan	Fixed 4.92.1-1ubuntu3.1 released
bionic	Fixed 4.90.1-1ubuntu1.5 released
xenial	Fixed 4.86.2-2ubuntu2.6 released
trusty	Fixed 4.82-3ubuntu2.4+esm2 released

Known Exploits!

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://www.openwall.com/lists/oss-security/2021/05/04/7

https://bugs.exim.org/show_bug.cgi?id=2571

https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86

https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0

https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/

https://usn.ubuntu.com/4366-1/

https://www.debian.org/security/2020/dsa-4687

http://www.openwall.com/lists/oss-security/2021/05/04/7

https://bugs.exim.org/show_bug.cgi?id=2571

https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86

https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0

https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/

https://usn.ubuntu.com/4366-1/

https://www.debian.org/security/2020/dsa-4687