--- /dev/null
+CVE ID: CVE-2019-16928
+Date: 2019-09-27 (CVE assigned)
+Version(s): from 4.92 up to and including 4.92.2
+Reporter: QAX-A-TEAM <areuu@outlook.com>
+Reference: https://bugs.exim.org/show_bug.cgi?id=2449
+Issue: Heap-based buffer overflow in string_vformat,
+ remote code execution seems to be possible
+
+Conditions to be vulnerable
+===========================
+
+All versions from (and including) 4.92 up to (and including) 4.92.2 are
+vulnerable.
+
+Details
+=======
+
+There is a heap-based buffer overflow in string_vformat (string.c).
+The currently known exploit uses a extraordinary long EHLO string to
+crash the Exim process that is receiving the message. While at this
+mode of operation Exim already dropped its privileges, other paths to
+reach the vulnerable code may exist.
+
+Mitigation
+==========
+
+There is - beside updating the server - no known mitigation.
+
+Fix
+===
+
+Download and build the fixed version 4.92.3
+
+ Tarballs: https://ftp.exim.org/pub/exim/exim4/
+ Git: https://github.com/Exim/exim.git
+ - tag exim-4.92.3
+ - branch exim-4.92.3+fixes
+
+The tagged commit is the officially released version. The +fixes branch
+isn't officially maintained, but contains the security fix *and* useful
+fixes.
+
+If you can't install the above versions, ask your package maintainer for
+a version containing the backported fix. On request and depending on our
+resources we will support you in backporting the fix. (Please note,
+the Exim project officially doesn't support versions prior the current
+stable version.)
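Review bot: the Details section leaves the privilege impact ambiguous; the sentence `While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist.` should say plainly that the receiving process has already dropped its privileges by the time the EHLO string is processed, and whether the other paths that may reach string_vformat would run before that drop, since readers will weigh the `remote code execution seems to be possible` line in the Issue field against exactly that. Grammar in the same hunk: `uses a extraordinary long EHLO string` should read `uses an extraordinarily long EHLO string`; in Mitigation, `beside updating the server` should read `besides updating the server`; and in Fix, `versions prior the current stable version` should read `versions prior to the current stable version`.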