CVE-2012-5671

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-10-31 16:55

Updated : 2024-02-04 18:16


NVD link : CVE-2012-5671

Mitre link : CVE-2012-5671

CVE.ORG link : CVE-2012-5671


JSON object : View

Products Affected

exim

  • exim
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer