CVE-2020-28017
CRITICALExim < 4.94.2 - Integer Overflow to Buffer Overflow via Large Recipient Count
Title source: llmDescription
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt
Scores
CVSS v3
9.8
EPSS
0.3607
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
exim/exim
< 4.94.1
Published
May 06, 2021
Tracked Since
Feb 18, 2026