Vulnerability Details : CVE-2014-2957
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
Vulnerability category: Input validation, Execute code
Products affected by CVE-2014-2957
- cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.80.1:*:*:*:*:*:*:*
Threat overview for CVE-2014-2957
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2014-2957: 4,149
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-2957
5.57%: Probability of exploitation activity in the next 30 days
~92%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2957
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2014-2957
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2957
- https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
  [exim] Exim 4.82.1 Security Release (Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2021/05/04/7
  oss-security - 21Nails: Multiple vulnerabilities in Exim
- http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
  git.exim.org Git - exim.git/commitdiff