[Bug 1202205] New: VUL-1: CVE-2022-37452: heap overflow
http://bugzilla.opensuse.org/show_bug.cgi?id=1202205

Bug ID: 1202205
Summary: VUL-1: CVE-2022-37452: heap overflow
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/339154/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: wullinger@rz.uni-kiel.de
Reporter: rfrohl@suse.com
QA Contact: security-team@suse.de
CC: poeml@cmdline.net
Found By: Security Response Team
Blocker: ---

CVE-2022-37452

Exim before 4.95 has a heap-based buffer overflow for the alias list in
host_name_lookup in host.c when sender_host_name is set.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37452
https://www.openwall.com/lists/oss-security/2022/08/06/8
https://github.com/ivd38/exim_overflow
https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743
https://github.com/Exim/exim/compare/exim-4.94...exim-4.95
https://github.com/Exim/exim/wiki/EximSecurity
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37452
https://www.exim.org/static/doc/security/

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1202205#c1
--- Comment #1 from Robert Frohl
Robert Frohl
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1202205#c2
--- Comment #2 from OBSbugzilla Bot