CVE-2020-28018

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28018

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28018.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-28018

Downstream

DEBIAN-CVE-2020-28018

UBUNTU-CVE-2020-28018

USN-4934-1

openSUSE-SU-2021:0677-1

openSUSE-SU-2021:0753-1

openSUSE-SU-2021:0754-1

openSUSE-SU-2024:10746-1

Related

Published

2021-05-06T13:15:09Z

Modified

2025-10-15T12:15:33.012572Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.

References

Affected packages

Git / github.com/exim/exim

Affected ranges

Type: GIT
Repo: https://github.com/exim/exim
Events: Introduced

d21bf202dbce10f259310dffcc6993f4d9886e56

Fixed

919111edac911ba9c15422eafd7c5bf14d416d26

Affected versions

exim-4.*

exim-4.92

exim-4.92-RC1

exim-4.92-RC2

exim-4.92-RC3

exim-4.92-RC4

exim-4.92-RC5

exim-4.92-RC6

exim-4.92-jgh

exim-4.93

exim-4.93-RC0

exim-4.93-RC1

exim-4.93-RC2

exim-4.93-RC3

exim-4.93-RC4

exim-4.93-RC5

exim-4.93-RC6

exim-4.93-RC7

exim-4.94

exim-4.94-RC1

exim-4.94-RC2

exim-4.94.1

Other

exim-4_90

exim-4_90_RC4

exim-4_91

exim-4_91_RC1

exim-4_91_RC2

exim-4_91_RC3

exim-4_91_RC4

exim-4_94_RC0

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "digest": {
            "length": 86.0,
            "function_hash": "85807556721849417698167290800033609961"
        },
        "signature_type": "Function",
        "source": "https://github.com/exim/exim/commit/919111edac911ba9c15422eafd7c5bf14d416d26",
        "id": "CVE-2020-28018-a5b97121",
        "target": {
            "file": "src/src/smtp_in.c",
            "function": "bdat_ungetc"
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "2970847905863908930961351479348962244",
                "259127508678304675853565838131490768076",
                "16856440449629165604374376294870505588",
                "21031574626938302228709321949938569854",
                "66694532801356984293692391694813765468",
                "228435147706632689035739186300622821874",
                "137018139142916213668559470023354199721",
                "262955889687131153967951266340364206508",
                "122233694988885115887188843215612136724",
                "55546132595750780137850156557040648213",
                "178043897109541241882122479475000937559",
                "311496951671523793228361465075141960070"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/exim/exim/commit/919111edac911ba9c15422eafd7c5bf14d416d26",
        "id": "CVE-2020-28018-f33c15e3",
        "target": {
            "file": "src/src/smtp_in.c"
        },
        "signature_version": "v1"
    }
]