CVE-2005-0021
exim-tls - buffer overflow
EPSS 2.8%
Description
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
How to fix CVE-2005-0021
To remediate CVE-2005-0021, upgrade the affected package to a fixed version below.
- Debian/exim—upgrade to 3.35-1woody4 or later
- Debian/exim4—upgrade to 4.34-10 or later
- —upgrade to 3.35-3woody3 or later
Is CVE-2005-0021 being exploited?
Low — EPSS is 2.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.35-1woody4
- from 0, < 4.34-10
- from 0, < 3.35-3woody3