Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "signature_version": "v1", "digest": { "length": 86.0, "function_hash": "85807556721849417698167290800033609961" }, "target": { "function": "bdat_ungetc", "file": "src/src/smtp_in.c" }, "id": "CVE-2020-28024-a5b97121", "source": "https://github.com/exim/exim/commit/919111edac911ba9c15422eafd7c5bf14d416d26" }, { "deprecated": false, "signature_type": "Line", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "2970847905863908930961351479348962244", "259127508678304675853565838131490768076", "16856440449629165604374376294870505588", "21031574626938302228709321949938569854", "66694532801356984293692391694813765468", "228435147706632689035739186300622821874", "137018139142916213668559470023354199721", "262955889687131153967951266340364206508", "122233694988885115887188843215612136724", "55546132595750780137850156557040648213", "178043897109541241882122479475000937559", "311496951671523793228361465075141960070" ] }, "target": { "file": "src/src/smtp_in.c" }, "id": "CVE-2020-28024-f33c15e3", "source": "https://github.com/exim/exim/commit/919111edac911ba9c15422eafd7c5bf14d416d26" } ] }