Vulnerability Description
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exim | Exim | <= 4.82 |
Related Weaknesses (CWE)
References
- http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.htmlPatchVendor Advisory
- http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.htmlPatchVendor Advisory
FAQ
What is CVE-2014-2957?
CVE-2014-2957 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to t...
How severe is CVE-2014-2957?
CVE-2014-2957 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2957?
Check the references section above for vendor advisories and patch information. Affected products include: Exim Exim.