Unrated severity · NVD Advisory · Published Jul 25, 2019 · Updated Aug 5, 2024
CVE-2019-13917
Description
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Affected products
- Exim/Exim (description)
- osv-coords, 3 versions:
  - pkg:rpm/opensuse/exim&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/exim&distro=SUSE%20Package%20Hub%2015%20SP1
  - pkg:rpm/suse/libspf2&distro=SUSE%20Package%20Hub%2015%20SP1
- (no CPE) range: < 4.94.2-4.2
- (no CPE) range: < 4.94.2-bp151.2.4.1
- (no CPE) range: < 1.2.10-bp151.4.1
References
- security.gentoo.org/glsa/201909-06 (mitre, vendor-advisory, x_refsource_GENTOO)
- www.debian.org/security/2019/dsa-4488 (mitre, vendor-advisory, x_refsource_DEBIAN)
- exim.org/static/doc/security/CVE-2019-13917.txt (mitre, x_refsource_CONFIRM)
- www.openwall.com/lists/oss-security/2019/07/26/5 (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/Jul/51 (mitre, mailing-list, x_refsource_BUGTRAQ)