[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-37451Date: (C)2022-08-09   (M)2024-02-06


Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score :
Exploit Score: 3.9Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: NONEAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: NONEAvailability:
Integrity: NONE 
Availability: HIGH 
  
Reference:
FEDORA-2022-1ca1d22165
FEDORA-2022-f9a8388e62
https://cwe.mitre.org/data/definitions/762.html
https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42
https://github.com/Exim/exim/compare/exim-4.95...exim-4.96
https://github.com/Exim/exim/wiki/EximSecurity
https://github.com/ivd38/exim_invalid_free
https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html
https://www.exim.org/static/doc/security/
https://www.openwall.com/lists/oss-security/2022/08/06/1

CPE    1
cpe:/a:exim:exim
CWE    1
CWE-763
OVAL    4
oval:org.secpod.oval:def:1601709
oval:org.secpod.oval:def:124171
oval:org.secpod.oval:def:124169
oval:org.secpod.oval:def:97668
...

© SecPod Technologies