Intrusion Prevention

Exim.string_vformat.Heap-based.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Exim Project Exim.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted SMTP message to the target server. Successful exploitation will lead to the attacker being able to execute arbitrary code with the privileges of the mail server user, while an unsuccessful exploitation will lead to a denial-of-service condition.

Affected Products

Exim Project Exim 4.92
Exim Project Exim 4.92.1
Exim Project Exim 4.92.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.exim.org/static/doc/security/CVE-2019-16928.txt

CVE References

CVE-2019-16928