CVE-2019-13917

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

References

Affected packages

Git / github.com/exim/exim

Affected ranges

Type

GIT

Repo

https://github.com/exim/exim

Events

Introduced

7fcd7cd65f514c57b0670633c4d8d9583294f6a9

Last affected

ae63862ba6f6ee0c17ec865cc6cf0eebb3ca2389

Database specific

{
    "versions": [
        {
            "introduced": "4.85"
        },
        {
            "last_affected": "4.92"
        }
    ]
}

Affected versions

exim-4.*

exim-4.90devstart

exim-4.92

exim-4.92-RC1

exim-4.92-RC2

exim-4.92-RC3

exim-4.92-RC4

exim-4.92-RC5

exim-4.92-RC6

exim-4.92-jgh

Other

exim-4_85

exim-4_86

exim-4_86_RC1

exim-4_86_RC2

exim-4_86_RC3

exim-4_86_RC4

exim-4_86_RC5

exim-4_87

exim-4_87_RC1

exim-4_87_RC2

exim-4_87_RC3

exim-4_87_RC4

exim-4_87_RC5

exim-4_87_RC6

exim-4_87_RC7

exim-4_88

exim-4_88_RC1

exim-4_88_RC2

exim-4_88_RC3

exim-4_88_RC4

exim-4_88_RC5

exim-4_88_RC6

exim-4_89_RC1

exim-4_89_RC3

exim-4_90

exim-4_90_RC1

exim-4_90_RC2

exim-4_90_RC3

exim-4_90_RC4

exim-4_91

exim-4_91_RC1

exim-4_91_RC2

exim-4_91_RC3

exim-4_91_RC4

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13917.json"