A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to a use after free. The CWE definition for the vulnerability is CWE-416. The weakness was shared on 10/20/2022 as 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is possible to read the advisory at git.exim.org.
The identification of this vulnerability is CVE-2022-3620. The attack may be initiated remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment.
It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k.
The patch is named 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. The bugfix is ready for download at git.exim.org. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.