Vulnerability Details : CVE-2017-16943
Potential exploit
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2017-16943
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.88:-:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:-:*:*:*:*:*:*
Threat overview for CVE-2017-16943
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2017-16943: 8,087
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-16943
EPSS score: 12.83% (probability of exploitation activity in the next 30 days)
Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-16943
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-16943
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-16943
- https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
  [exim-announce] Critical Exim Security Vulnerability: disable chunking (Mailing List)
- http://openwall.com/lists/oss-security/2017/11/25/3
  oss-security - Re: RCE in Exim reported (Mailing List)
- http://openwall.com/lists/oss-security/2017/11/25/2
  oss-security - RCE in Exim reported (Mailing List)
- https://bugs.exim.org/show_bug.cgi?id=2199
  Bug 2199 – Exim use-after-free vulnerability while reading mail header (Exploit; Issue Tracking)
- http://www.openwall.com/lists/oss-security/2021/05/04/7
  oss-security - 21Nails: Multiple vulnerabilities in Exim
- https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde
  git.exim.org Git - exim.git/commit (Patch)
- https://www.debian.org/security/2017/dsa-4053
  Debian -- Security Information -- DSA-4053-1 exim4 (Third Party Advisory)
- https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944
  PoC-Exploit-Mirror/CVE-2017-16944 at master · LetUsFsck/PoC-Exploit-Mirror · GitHub (Exploit)
- http://www.securitytracker.com/id/1039872
  Exim Use-After-Free Memory Error in SMTP Service Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker (Third Party Advisory; VDB Entry)
- http://openwall.com/lists/oss-security/2017/11/25/1
  oss-security - Re: RCE in Exim reported (Mailing List)
- https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
  git.exim.org Git - exim.git/commitdiff (Patch)