{"id":"CVE-2019-16928","details":"Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.","modified":"2026-04-11T12:19:50.914664Z","published":"2019-09-27T21:15:10.017Z","related":["openSUSE-SU-2021:0677-1","openSUSE-SU-2021:0753-1","openSUSE-SU-2021:0754-1","openSUSE-SU-2024:10746-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"19.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"10.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"29"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"30"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"31"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16928"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/09/28/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/09/28/4"},{"type":"ADVISORY","url":"https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Sep/60"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-47"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4141-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4536"},{"type":"FIX","url":"https://bugs.exim.org/show_bug.cgi?id=2449"},{"type":"FIX","url":"https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2019/09/28/1"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2019/09/28/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exim/exim","events":[{"introduced":"ae63862ba6f6ee0c17ec865cc6cf0eebb3ca2389"},{"last_affected":"2600301ba6dbac5c9d640c87007a07ee6dcea1f4"}],"database_specific":{"cpe":"cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"4.92"},{"last_affected":"4.92.2"}],"source":"CPE_FIELD"}}],"versions":["exim-4.92","exim-4.92-RC6","exim-4.92-jgh","exim-4.92.1","exim-4.92.1-RC2","exim-4.92.2","exim-4.92.2-RC1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16928.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}