CVE-2022-37451 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Affected Products (NVD)

Vendor	Product	Version
exim	exim	𝑥 < 4.96

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

exim4

bookworm	4.96-15+deb12u5 fixed
bookworm (security)	4.96-15+deb12u5 fixed
bullseye	4.94.2-7+deb11u3 not-affected
bullseye (security)	4.94.2-7+deb11u4 fixed
buster	not-affected
sid	4.98-2 fixed
trixie	4.98-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

exim4

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
trusty	not-affected
xenial	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-763 - Release of Invalid Pointer or Reference
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

References

https://cwe.mitre.org/data/definitions/762.html

https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42

https://github.com/Exim/exim/compare/exim-4.95...exim-4.96

https://github.com/Exim/exim/wiki/EximSecurity

https://github.com/ivd38/exim_invalid_free

https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/

https://www.exim.org/static/doc/security/

https://www.openwall.com/lists/oss-security/2022/08/06/1

https://cwe.mitre.org/data/definitions/762.html

https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42

https://github.com/Exim/exim/compare/exim-4.95...exim-4.96

https://github.com/Exim/exim/wiki/EximSecurity

https://github.com/ivd38/exim_invalid_free

https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/

https://www.exim.org/static/doc/security/

https://www.openwall.com/lists/oss-security/2022/08/06/1