CVE-2020-28018
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-28018
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28018.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-28018
- Related
- Published
- 2021-05-06T13:15:09Z
- Modified
- 2024-10-12T06:27:38.503802Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
- References
-
- https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt
- http://www.openwall.com/lists/oss-security/2021/05/11/14
- http://www.openwall.com/lists/oss-security/2021/05/11/15
- http://www.openwall.com/lists/oss-security/2021/05/11/17
- http://www.openwall.com/lists/oss-security/2021/05/11/5
- http://www.openwall.com/lists/oss-security/2021/05/11/6
- http://www.openwall.com/lists/oss-security/2021/05/12/2
- http://www.openwall.com/lists/oss-security/2021/05/12/3
- https://security-tracker.debian.org/tracker/CVE-2020-28018
Affected packages
Debian:11 / exim4
Package
- Name
- exim4
- Purl
- pkg:deb/debian/exim4?arch=source
Debian:12 / exim4
Package
- Name
- exim4
- Purl
- pkg:deb/debian/exim4?arch=source
Debian:13 / exim4
Package
- Name
- exim4
- Purl
- pkg:deb/debian/exim4?arch=source
Git / github.com/exim/exim
Affected versions
exim-4.*
exim-4.92
exim-4.92-RC1
exim-4.92-RC2
exim-4.92-RC3
exim-4.92-RC4
exim-4.92-RC5
exim-4.92-RC6
exim-4.92-jgh
exim-4.93
exim-4.93-RC0
exim-4.93-RC1
exim-4.93-RC2
exim-4.93-RC3
exim-4.93-RC4
exim-4.93-RC5
exim-4.93-RC6
exim-4.93-RC7
exim-4.94
exim-4.94-RC1
exim-4.94-RC2
exim-4.94.1
Other
exim-4_90
exim-4_90_RC4
exim-4_91
exim-4_91_RC1
exim-4_91_RC2
exim-4_91_RC3
exim-4_91_RC4
exim-4_94_RC0