VDB

GSD-2019-10149

GSD-2019-10149 PUBLISHED CVSS 9 CRITICAL

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Risk Scores

CVSS 3.0
9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
eximexim4.92

Timeline

  • Jun 4, 2019 CVE Published
  • Jun 10, 2019 PoC Published
  • Jun 13, 2019 PoC Published
  • Jun 17, 2019 PoC Published
  • Aug 23, 2019 PoC Published
  • Aug 26, 2019 PoC Published
  • May 28, 2020 PoC Published
  • May 29, 2020 PoC Published
  • Jun 16, 2020 PoC Published
  • Oct 9, 2020 PoC Published
  • Oct 22, 2020 PoC Published
  • Oct 22, 2020 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›