CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "18.04"
                },
                {
                    "last_affected": "18.10"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "canonical:ubuntu_linux",
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
            ]
        },
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_FIELD",
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/exim/exim

Affected ranges

Type

GIT

Repo

https://github.com/exim/exim

Events

Introduced

74d8288d7a8fa83989968647149ae47ba10194f8

Last affected

c1b32ab6ef9300e2ecab6736139e3e50874cd3a6

Database specific

{
    "cpe": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "4.87"
        },
        {
            "last_affected": "4.91"
        }
    ]
}

Affected versions

exim-4.*

exim-4.90devstart

Other

exim-4_87

exim-4_88

exim-4_88_RC1

exim-4_88_RC2

exim-4_88_RC3

exim-4_88_RC4

exim-4_88_RC5

exim-4_88_RC6

exim-4_89_RC1

exim-4_89_RC3

exim-4_90

exim-4_90_RC1

exim-4_90_RC2

exim-4_90_RC3

exim-4_90_RC4

exim-4_91

exim-4_91_RC1

exim-4_91_RC2

exim-4_91_RC3

exim-4_91_RC4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10149.json"