CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

References

Affected packages

Git / github.com/exim/exim

Affected ranges

Type: GIT
Repo: https://github.com/exim/exim
Events: Introduced

74d8288d7a8fa83989968647149ae47ba10194f8

Last affected

c1b32ab6ef9300e2ecab6736139e3e50874cd3a6

Affected versions

exim-4.*

exim-4.90devstart

Other

exim-4_87

exim-4_88

exim-4_88_RC1

exim-4_88_RC2

exim-4_88_RC3

exim-4_88_RC4

exim-4_88_RC5

exim-4_88_RC6

exim-4_89_RC1

exim-4_89_RC3

exim-4_90

exim-4_90_RC1

exim-4_90_RC2

exim-4_90_RC3

exim-4_90_RC4

exim-4_91

exim-4_91_RC1

exim-4_91_RC2

exim-4_91_RC3

exim-4_91_RC4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10149.json"