{"id":"CVE-2017-16943","details":"The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.","modified":"2026-03-20T11:18:16.144234Z","published":"2017-11-25T17:29:00.260Z","related":["openSUSE-SU-2021:0677-1","openSUSE-SU-2021:0753-1","openSUSE-SU-2021:0754-1","openSUSE-SU-2024:10746-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2021/05/04/7"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039872"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4053"},{"type":"REPORT","url":"https://bugs.exim.org/show_bug.cgi?id=2199"},{"type":"FIX","url":"https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde"},{"type":"FIX","url":"https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2017/11/25/1"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2017/11/25/2"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2017/11/25/3"},{"type":"ARTICLE","url":"https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html"},{"type":"EVIDENCE","url":"https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exim/exim","events":[{"introduced":"0"},{"last_affected":"57091745e6d5ce4259c645b3ac63838668d55b7f"},{"introduced":"0"},{"last_affected":"38903fb5b864ee99904d035337c66891604d9678"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.88-NA"},{"introduced":"0"},{"last_affected":"4.89-NA"}]}}],"versions":["DEVEL_PDKIM_START","exim-4_50","exim-4_51","exim-4_52","exim-4_53","exim-4_54","exim-4_61","exim-4_62","exim-4_63","exim-4_64","exim-4_65","exim-4_66","exim-4_67","exim-4_68","exim-4_69","exim-4_70","exim-4_70_RC3","exim-4_70_RC4","exim-4_71","exim-4_72","exim-4_72_RC1","exim-4_72_RC2","exim-4_73","exim-4_73_RC0","exim-4_73_RC00","exim-4_73_RC1","exim-4_74","exim-4_74_RC1","exim-4_75","exim-4_75_RC1","exim-4_75_RC2","exim-4_75_RC3","exim-4_76","exim-4_76_RC1","exim-4_76_RC2","exim-4_77","exim-4_77_RC1","exim-4_77_RC2","exim-4_77_RC3","exim-4_77_RC4","exim-4_80","exim-4_80_RC1","exim-4_80_RC2","exim-4_80_RC3","exim-4_80_RC4","exim-4_80_RC5","exim-4_80_RC6","exim-4_80_RC7","exim-4_82","exim-4_82_1","exim-4_82_RC1","exim-4_82_RC2","exim-4_82_RC3","exim-4_82_RC4","exim-4_82_RC5","exim-4_83","exim-4_83_RC1","exim-4_83_RC2","exim-4_83_RC3","exim-4_84","exim-4_84_RC1","exim-4_84_RC2","exim-4_85","exim-4_85_RC1","exim-4_85_RC2","exim-4_85_RC3","exim-4_85_RC4","exim-4_86","exim-4_86_RC1","exim-4_86_RC2","exim-4_86_RC3","exim-4_86_RC4","exim-4_86_RC5","exim-4_87","exim-4_87_RC1","exim-4_87_RC2","exim-4_87_RC3","exim-4_87_RC4","exim-4_87_RC5","exim-4_87_RC6","exim-4_87_RC7","exim-4_88","exim-4_88_RC1","exim-4_88_RC2","exim-4_88_RC3","exim-4_88_RC4","exim-4_88_RC5","exim-4_88_RC6","list_safety_merge_proposal"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16943.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}