http://bugs.exim.org/show_bug.cgi?id=1510

Summary: Alleged out of bounds read in filter
Product: Exim
Version: 4.83
Platform: x86-64
OS/Version: Linux
Status: NEW
Severity: security
Priority: medium
Component: Filters
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]

To whom it may concern;

I apologize for communicating to bugreports but I am unable to find Exim's public-facing vulnerability communication mechanism.

It looks like there is an out-of-bounds read within Exim 4.83 (as pulled from http://ftp.univie.ac.at/applications/exim/exim/exim4/exim-4.83.tar.gz ).

Within filter.c, line 39, union argtypes args[1] is declared, which results in argtypes args having an allocated size of 8 bytes.

So further along, within filter.c, line 2335, interpret_commands(), args points far beyond the allocated 8 bytes, i.e. it is set to 96 bytes.

I have confirmed the out-of-bounds read in Valgrind and static analysis tools. So it looks and smells plausible. Exploitability? Not entirely certain.

You can find additional information @ http://cwe.mitre.org/data/definitions/125.html and http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/out_of_bounds_read.html .

--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
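Whether indexing past a one-element trailing array such as `args[1]` is a real out-of-bounds read depends on how many bytes were allocated for the enclosing object, which the declaration alone does not show. The C sketch below is an added example, not Exim's code and not part of the report; every type and function name in it is hypothetical. It contrasts the declared size of such an array with a per-command allocation size and uses a C99 flexible array member with a bounds-checked accessor.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; these are not Exim's definitions. */
union arg { void *p; long n; };

/* Pre-C99 idiom: one-element trailing array. sizeof() counts exactly one slot,
   so a tool that only sees the declaration treats args[1..] as out of bounds. */
struct cmd_legacy { size_t nargs; union arg args[1]; };

/* C99 flexible array member: the variable length is explicit in the type. */
struct cmd { size_t nargs; union arg args[]; };

/* Bytes of argument storage visible in the legacy declaration alone. */
size_t declared_arg_bytes(void) {
    return sizeof(((struct cmd_legacy *)0)->args);
}

/* Bytes that must be allocated for a command carrying n arguments. */
size_t cmd_alloc_size(size_t n) {
    return offsetof(struct cmd, args) + n * sizeof(union arg);
}

/* Allocate a zeroed command and record how many slots really exist. */
struct cmd *cmd_new(size_t n) {
    struct cmd *c = calloc(1, cmd_alloc_size(n));
    if (c != NULL) c->nargs = n;
    return c;
}

/* Bounds-checked read: 0 on success, -1 if i is outside the allocation. */
int cmd_get_arg(const struct cmd *c, size_t i, long *out) {
    if (c == NULL || out == NULL || i >= c->nargs) return -1;
    *out = c->args[i].n;
    return 0;
}

int main(void) {
    struct cmd *c = cmd_new(12);          /* constructed sample: 12 slots */
    long v = 0;
    if (c == NULL) return 1;
    printf("declared: %zu bytes, allocated for args: %zu bytes\n",
           declared_arg_bytes(), c->nargs * sizeof(union arg));
    printf("read slot 11: %d, read slot 12: %d\n",
           cmd_get_arg(c, 11, &v), cmd_get_arg(c, 12, &v));
    free(c);
    return 0;
}
```

When triaging a finding of this kind, compare the index range used at the read site against the size passed to the allocator for that object, not against `sizeof` of the declared array.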
