CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2019-16928

CVSS 9.8v3.1pub. 2019-09-27upd. 2025-11-07

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    19.04
  • Debian

    OS
    Debian
    10.0
  • Exim

    APP
    Exim
    4.92 – 4.92.2
  • Fedora Project Fedora

    OS
    Fedoraproject
    293031

CISA KEV — detailsi

Vendori
Exim
Producti
Exim Internet Mailer
Added to KEVi
March 3, 2022
Remediation deadline (US Federal)i
March 17, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 17 marca 2022
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki