CVE-2020-28013: Buffer Overflow
First published: Thu May 06 2021(Updated: )
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Exim Exim | >=4.00<4.94.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Exim vulnerability?
The vulnerability ID for this Exim vulnerability is CVE-2020-28013.
What is the severity of CVE-2020-28013?
The severity of CVE-2020-28013 is high with a CVSS score of 7.8.
How does CVE-2020-28013 impact Exim?
CVE-2020-28013 allows for a heap-based buffer overflow in Exim, which may lead to privilege escalation from any user to root.
Which versions of Exim are affected by CVE-2020-28013?
Exim versions before 4.94.2 are affected by CVE-2020-28013.
How can CVE-2020-28013 be mitigated?
The recommended mitigation for CVE-2020-28013 is to update Exim to version 4.94.2 or later.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/exim
- canonical/exim exim
- version/exim exim/4.00