Stack-based Buffer Overflow

CVE-2023-42116

High

9.8/10

Summary

The Package Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability allows remote attackers to execute arbitrary code on affected Exim installations without requiring authentication. The flaw lies in the handling of NTLM challenge requests, where the lack of proper validation of user-supplied data length leads to it being copied to a fixed-length stack-based buffer. This vulnerability can be exploited by an attacker to execute code in the context of the service account .This issue affects versions through 4.96, and 4.97-RC0 through 4.97-RC1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-121 - Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

Advisory Timeline

Published May 03, 2024

Stack-based Buffer Overflow

CVE-2023-42116

Summary

CWE-121 - Stack-based Buffer Overflow

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS