Exim DMARC dmarc.c dmarc_dns_lookup use after free

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The CWE definition for the vulnerability is CWE-416. The weakness was shared 10/20/2022 as 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is possible to read the advisory at git.exim.org. The identification of this vulnerability is CVE-2022-3620. The attack may be initiated remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The patch is named 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. The bugfix is ready for download at git.exim.org. It is recommended to apply a patch to fix this issue. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field10/20/2022 21:5311/18/2022 18:4711/18/2022 18:54
nameEximEximExim
componentDMARC HandlerDMARC HandlerDMARC Handler
filedmarc.cdmarc.cdmarc.c
functiondmarc_dns_lookupdmarc_dns_lookupdmarc_dns_lookup
cwe416 (use after free)416 (use after free)416 (use after free)
risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifier12fb3842f81bcbd4a4519d5728f2d7e0e3ca144512fb3842f81bcbd4a4519d5728f2d7e0e3ca144512fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
urlhttps://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
namePatchPatchPatch
patch_name12fb3842f81bcbd4a4519d5728f2d7e0e3ca144512fb3842f81bcbd4a4519d5728f2d7e0e3ca144512fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
patch_urlhttps://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
cveCVE-2022-3620CVE-2022-3620CVE-2022-3620
responsibleVulDBVulDBVulDB
date1666216800 (10/20/2022)1666216800 (10/20/2022)1666216800 (10/20/2022)
typeMail Server SoftwareMail Server SoftwareMail Server Software
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.15.15.1
cvss2_vuldb_tempscore4.44.44.4
cvss3_vuldb_basescore5.65.65.6
cvss3_vuldb_tempscore5.45.45.4
cvss3_meta_basescore5.65.67.0
cvss3_meta_tempscore5.45.46.9
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1666216800 (10/20/2022)1666216800 (10/20/2022)
cve_nvd_summaryA vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919.A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_cna_avN
cvss3_cna_acH
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss3_nvd_basescore9.8
cvss3_cna_basescore5.6

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!