CVE-2020-28025

HIGH7.5EPSS 1.4%

發布日:2021/5/6修改日:2026/4/28

也稱為:DEBIAN-CVE-2020-28025

描述

Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.

受影響套件(1)

Debian/exim4from 0, < 4.94.2-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-28025