{"id":"CVE-2019-15846","details":"Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.","modified":"2026-04-11T21:07:59.698572Z","published":"2019-09-06T11:15:11.620Z","related":["openSUSE-SU-2019:2093-1","openSUSE-SU-2021:0753-1","openSUSE-SU-2024:10746-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"10.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/06/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/06/4"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/06/5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/06/6"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/06/8"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/07/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/07/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/08/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/09/09/1"},{"type":"WEB","url":"https://exim.org/static/doc/security/CVE-2019-15846.txt"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/"},{"type":"WEB","url":"https://usn.ubuntu.com/4124-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4124-2/"},{"type":"WEB","url":"https://www.kb.cert.org/vuls/id/672565"},{"type":"ADVISORY","url":"http://exim.org/static/doc/security/CVE-2019-15846.txt"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Sep/13"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201909-06"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4517"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2019/09/06/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exim/exim","events":[{"introduced":"0"},{"fixed":"2600301ba6dbac5c9d640c87007a07ee6dcea1f4"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"4.92.2"}],"cpe":"cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["DEVEL_PDKIM_START","exim-4.90devstart","exim-4.92","exim-4.92-RC1","exim-4.92-RC2","exim-4.92-RC3","exim-4.92-RC4","exim-4.92-RC5","exim-4.92-RC6","exim-4.92-jgh","exim-4.92.1","exim-4.92.1-RC2","exim-4_50","exim-4_51","exim-4_52","exim-4_53","exim-4_54","exim-4_61","exim-4_62","exim-4_63","exim-4_64","exim-4_65","exim-4_66","exim-4_67","exim-4_68","exim-4_69","exim-4_70","exim-4_70_RC3","exim-4_70_RC4","exim-4_71","exim-4_72","exim-4_72_RC1","exim-4_72_RC2","exim-4_73","exim-4_73_RC00","exim-4_73_RC1","exim-4_74","exim-4_74_RC1","exim-4_75","exim-4_75_RC1","exim-4_75_RC2","exim-4_75_RC3","exim-4_76","exim-4_76_RC1","exim-4_76_RC2","exim-4_77","exim-4_77_RC1","exim-4_77_RC2","exim-4_77_RC3","exim-4_77_RC4","exim-4_80","exim-4_80_RC1","exim-4_80_RC2","exim-4_80_RC3","exim-4_80_RC4","exim-4_80_RC5","exim-4_80_RC6","exim-4_80_RC7","exim-4_82","exim-4_82_RC1","exim-4_82_RC2","exim-4_82_RC3","exim-4_82_RC4","exim-4_82_RC5","exim-4_83","exim-4_83_RC1","exim-4_83_RC2","exim-4_83_RC3","exim-4_84","exim-4_84_RC1","exim-4_84_RC2","exim-4_85","exim-4_85_RC1","exim-4_85_RC2","exim-4_85_RC3","exim-4_85_RC4","exim-4_86","exim-4_86_RC1","exim-4_86_RC2","exim-4_86_RC3","exim-4_86_RC4","exim-4_86_RC5","exim-4_87","exim-4_87_RC1","exim-4_87_RC2","exim-4_87_RC3","exim-4_87_RC4","exim-4_87_RC5","exim-4_87_RC6","exim-4_87_RC7","exim-4_88","exim-4_88_RC1","exim-4_88_RC2","exim-4_88_RC3","exim-4_88_RC4","exim-4_88_RC5","exim-4_88_RC6","exim-4_89_RC1","exim-4_89_RC3","exim-4_90","exim-4_90_RC1","exim-4_90_RC2","exim-4_90_RC3","exim-4_90_RC4","exim-4_91","exim-4_91_RC1","exim-4_91_RC2","exim-4_91_RC3","exim-4_91_RC4"],"database_specific":{"vanir_signatures":[{"id":"CVE-2019-15846-6e37a886","signature_type":"Function","deprecated":false,"signature_version":"v1","digest":{"length":984,"function_hash":"256980183646066541984069527665417741673"},"target":{"function":"string_interpret_escape","file":"src/src/string.c"},"source":"https://github.com/exim/exim/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4"},{"id":"CVE-2019-15846-e3b79d9f","signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["34360093518404896471744733215184192610","8719926595473108489439290494720702532","296632350261770040420288428843821730810","265836692107644544242406332720074567239","94320246887392360165331925281492160580","204743667807900283044696579217917538959","259783621426062242108025744201689104232","152000936690205865675864793129865771482","226017580920755955615003370344980451181","12739408565750634307987649623934564665"],"threshold":0.9},"target":{"file":"src/src/string.c"},"source":"https://github.com/exim/exim/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4"}],"vanir_signatures_modified":"2026-04-11T21:07:59Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15846.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}