Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
{ "source": "CPE_RANGE", "extracted_events": [ { "introduced": "4.00" }, { "fixed": "4.94.2" } ], "cpe": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*" }
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28013.json"