CVE-2010-4344 is a vulnerability in Exim
Published on December 14, 2010
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Known Exploited Vulnerability
This Exim Heap-Based Buffer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
The following remediation steps are recommended / required by April 15, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2010-4344 has been classified as a Buffer Overflow vulnerability or weakness.
Products Associated with CVE-2010-4344
What versions of Exim are vulnerable to CVE-2010-4344?
- Exim Version 2.11
- Exim Version 4.66
- Exim Version 4.10
- Exim Version 3.16
- Exim Version 3.21
- Exim Version 3.01
- Exim Version 3.31
- Exim Version 4.24
- Exim Version 3.33
- Exim Version 3.30
- Exim Version 4.30
- Exim Version 4.21
- Exim Version 4.03
- Exim Version 4.51
- Exim Version 4.67
- Exim Version 4.63
- Exim Version 4.00
- Exim Version 4.43
- Exim Version 4.22
- Exim Version 3.10
- Exim Version 4.40
- Exim Version 4.52
- Exim Version 3.36
- Exim Version 3.15
- Exim Version 4.60
- Exim Version 4.61
- Exim Version 2.12
- Exim Version 4.68
- Exim Version 4.54
- Exim Version 4.02
- Exim Version 4.23
- Exim Version 4.01
- Exim Version 3.34
- Exim Up to Version 4.69
- Exim Version 3.00
- Exim Version 4.62
- Exim Version 3.02
- Exim Version 3.03
- Exim Version 3.12
- Exim Version 3.20
- Exim Version 4.12
- Exim Version 3.22
- Exim Version 4.32
- Exim Version 4.11
- Exim Version 4.42
- Exim Version 4.05
- Exim Version 4.31
- Exim Version 3.14
- Exim Version 3.11
- Exim Version 3.35
- Exim Version 4.44
- Exim Version 4.14
- Exim Version 4.64
- Exim Version 4.04
- Exim Version 4.41
- Exim Version 4.20
- Exim Version 2.10
- Exim Version 4.65
- Exim Version 4.53
- Exim Version 4.33
- Exim Version 3.13
- Exim Version 4.50
- Exim Version 3.32
- Exim Version 4.34