CVE-2020-28019

HIGH

Exim 4 <4.94.2 - Buffer Overflow

Title source: llm

Description

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.

References (1)

[Vendor Advisory] https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt

Scores

CVSS v3 7.5

EPSS 0.0182

EPSS Percentile 83.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-665

Status published

Products (1)

exim/exim 4.88 - 4.94.2

Published May 06, 2021

Tracked Since Feb 18, 2026