High severity8.8NVD Advisory· Published Dec 22, 2019· Updated Jun 17, 2026
CVE-2019-19920
CVE-2019-19920
Description
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- sa-exim/sa-eximdescription
Patches
Vulnerability mechanics
References
5- bugs.debian.org/946829nvdMailing ListPatchThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/01/msg00006.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- usn.ubuntu.com/4520-1/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.