CVE-2019-16928

CVE Published | 2019-09-27 |
---|---|
Related CWE(s) | CWE-787: Out-of-bounds Write |
Related Vendor(s) | fedoraproject, debian, exim, canonical |
Related Product(s) | fedora, exim, ubuntu_linux, debian_linux |
Exploitation Reported (CISA KEV) | 2022-03-03 |
CVSS 3 Base Score | 9.8 (CRITICAL) |
CVSS 3 Attack Complexity | LOW |
CVSS 3 Attack Vector | NETWORK |

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.