CVE-2014-2972
EPSS 0.21%
Description
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
How to fix CVE-2014-2972
To remediate CVE-2014-2972, upgrade the affected package to the fixed version listed below.
- Debian/exim4: upgrade to 4.82.1-2 or later
Is CVE-2014-2972 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.82.1-2