Vulnerability Details : CVE-2022-37451
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
Products affected by CVE-2022-37451
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
Threat overview for CVE-2022-37451
Top countries where our scanners detected CVE-2022-37451
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2022-37451: 488,886
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2022-37451
0.37%: probability of exploitation activity in the next 30 days
~72%: percentile, the proportion of vulnerabilities that are scored at or below this value
CVSS scores for CVE-2022-37451
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2022-37451
- CWE-762: The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-37451
- https://www.openwall.com/lists/oss-security/2022/08/06/1
  oss-security - Exim 4.95 invalid free (Mailing List; Third Party Advisory)
- https://github.com/Exim/exim/wiki/EximSecurity
  EximSecurity · Exim/exim Wiki · GitHub (Release Notes; Third Party Advisory)
- https://cwe.mitre.org/data/definitions/762.html
  CWE - CWE-762: Mismatched Memory Management Routines (4.8) (Third Party Advisory)
- https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html
  [exim] Exim 4.96 released (Mailing List; Release Notes; Vendor Advisory)
- https://github.com/ivd38/exim_invalid_free
  GitHub - ivd38/exim_invalid_free (Exploit; Patch; Third Party Advisory)
- https://www.exim.org/static/doc/security/
  Index of /static/doc/security/ (Vendor Advisory)
- https://github.com/Exim/exim/compare/exim-4.95...exim-4.96
  Comparing exim-4.95...exim-4.96 · Exim/exim · GitHub (Release Notes; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/
  [SECURITY] Fedora 35 Update: exim-4.96-2.fc35 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/
  [SECURITY] Fedora 36 Update: exim-4.96-2.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42
  Fix PAM auth. Bug 2813 · Exim/exim@51be321 · GitHub (Patch; Third Party Advisory)