Medium severity4.0NVD Advisory· Published Jun 19, 2017· Updated Jun 17, 2026
CVE-2017-1000369
CVE-2017-1000369
Description
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*range: <=4.87.1
- cpe:2.3:a:exim:exim:4.88:-:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.88:rc1:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.88:rc2:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.88:rc3:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.88:rc4:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.88:rc5:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.88:rc6:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:-:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:rc1:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:rc2:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:rc3:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:rc4:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:rc5:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:rc6:*:*:*:*:*:*
- cpe:2.3:a:exim:exim:4.89:rc7:*:*:*:*:*:*
- (no CPE)range: <=4.89
- osv-coords6 versionspkg:rpm/opensuse/exim&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/exim&distro=openSUSE%20Tumbleweedpkg:rpm/suse/exim&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/exim&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/libspf2&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/libspf2&distro=SUSE%20Package%20Hub%2015%20SP2
< 4.94.2-lp152.8.3.1+ 5 more
- (no CPE)range: < 4.94.2-lp152.8.3.1
- (no CPE)range: < 4.94.2-4.2
- (no CPE)range: < 4.94.2-bp151.2.4.1
- (no CPE)range: < 4.94.2-bp152.6.4.1
- (no CPE)range: < 1.2.10-bp151.4.1
- (no CPE)range: < 1.2.10-bp152.5.1
Patches
Vulnerability mechanics
References
7- www.debian.org/security/2017/dsa-3888nvdThird Party Advisory
- www.securityfocus.com/bid/99252nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038779nvdThird Party AdvisoryVDB Entry
- access.redhat.com/security/cve/CVE-2017-1000369nvdVendor Advisory
- github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21nvdMitigationThird Party Advisory
- security.gentoo.org/glsa/201709-19nvdThird Party Advisory
- www.qualys.com/2017/06/19/stack-clash/stack-clash.txtnvdThird Party Advisory
News mentions
0No linked articles in our index yet.