CVE-2017-16943: Use After Free
First published: Sat Nov 25 2017(Updated: )
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/exim4 | <=4.89-1<=4.89-2+deb9u1<=4.89-9 | 4.89-12 4.90~RC3-1 4.89-2+deb9u2 |
| Exim Exim | =4.88 | |
| Exim Exim | =4.89 | |
| Debian Debian Linux | =9.0 | |
| debian/exim4 | 4.92-8+deb10u6 4.92-8+deb10u8 4.94.2-7 4.94.2-7+deb11u1 4.96-15+deb12u1 4.96-15+deb12u2 4.97~RC2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
- https://lists.exim.org/mailman/listinfo/exim-announce
- http://www.exim.org/
- https://bugs.exim.org/show_bug.cgi?id=2199
- https://bugs.exim.org/show_bug.cgi?id=2201
- https://security-tracker.debian.org/exim4
- https://security-tracker.debian.org/tracker/CVE-2017-16943
- https://security-tracker.debian.org/tracker/CVE-2017-16944
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882648
- http://openwall.com/lists/oss-security/2017/11/25/1
- http://openwall.com/lists/oss-security/2017/11/25/2
- http://openwall.com/lists/oss-security/2017/11/25/3
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://www.securitytracker.com/id/1039872
- https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde
- https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
- https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944
- https://www.debian.org/security/2017/dsa-4053
- https://twitter.com/philpennock/status/934270613811875840
Frequently Asked Questions
What is CVE-2017-16943?
CVE-2017-16943 is a vulnerability in Exim 4.88 and 4.89 that allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
How severe is CVE-2017-16943?
CVE-2017-16943 has a severity value of 9.8, which is considered critical.
What software is affected by CVE-2017-16943?
Exim 4.88 and 4.89 are affected by CVE-2017-16943. Additionally, certain versions of Exim 4.92-8+deb10u6, 4.92-8+deb10u8, 4.94.2-7, 4.94.2-7+deb11u1, 4.96-15+deb12u1, 4.96-15+deb12u2, and 4.97~RC2-2 on Debian are also affected.
How can I fix CVE-2017-16943?
To fix CVE-2017-16943, you should update Exim to version 4.92-8+deb10u6, 4.92-8+deb10u8, 4.94.2-7, 4.94.2-7+deb11u1, 4.96-15+deb12u1, 4.96-15+deb12u2, or 4.97~RC2-2 on Debian. If you are using Exim 4.89, you should update to version 4.89-12, 4.90~RC3-1, or 4.89-2+deb9u2.
What is the Common Weakness Enumeration (CWE) for CVE-2017-16943?
The CWE for CVE-2017-16943 is CWE-416.
- collector/debian-bugs
- alias/CVE-2017-16943
- collector/nvd-index
- collector/security-tracker-debian
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/softwarecombine
- package-manager/debian
- vendor/exim
- canonical/exim exim
- version/exim exim/4.88
- version/exim exim/4.89
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0