CVE-2014-2957

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-2957

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-2957.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-2957

Related

Published

2014-09-04T17:55:05Z

Modified

2024-06-30T12:01:22Z

Summary

[none]

Details

The dmarcprocess function in dmarc.c in Exim before 4.82.1, when EXPERIMENTALDMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

References

Affected packages

Debian:11 / exim4

Package

Name: exim4
Purl: pkg:deb/debian/exim4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.82.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / exim4

Package

Name: exim4
Purl: pkg:deb/debian/exim4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.82.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / exim4

Package

Name: exim4
Purl: pkg:deb/debian/exim4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.82.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}