{"id":"CVE-2022-37451","details":"Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.","modified":"2026-03-20T12:12:52.637745Z","published":"2022-08-06T18:15:08.967Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LETR5CVDPFOFQHXCJP6NFLG52JZHQYDY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XSWDF4QEXD4TDWQLYQOWCHBJKTDQR4Z7/"},{"type":"ADVISORY","url":"https://cwe.mitre.org/data/definitions/762.html"},{"type":"ADVISORY","url":"https://github.com/Exim/exim/wiki/EximSecurity"},{"type":"ADVISORY","url":"https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html"},{"type":"ADVISORY","url":"https://github.com/Exim/exim/compare/exim-4.95...exim-4.96"},{"type":"ADVISORY","url":"https://www.exim.org/static/doc/security/"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2022/08/06/1"},{"type":"FIX","url":"https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42"},{"type":"FIX","url":"https://github.com/ivd38/exim_invalid_free"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exim/exim","events":[{"introduced":"0"},{"fixed":"568dbf1701e031eb1b0cfb50d3a656477f4198c8"},{"fixed":"51be321b27825c01829dffd90f11bfff256f7e42"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.96"}]}}],"versions":["DEVEL_PDKIM_START","exim-4.90devstart","exim-4.92","exim-4.92-RC1","exim-4.92-RC2","exim-4.92-RC3","exim-4.92-RC4","exim-4.92-RC5","exim-4.92-RC6","exim-4.92-jgh","exim-4.93","exim-4.93-RC0","exim-4.93-RC1","exim-4.93-RC2","exim-4.93-RC3","exim-4.93-RC4","exim-4.93-RC5","exim-4.93-RC6","exim-4.93-RC7","exim-4.94","exim-4.94-RC1","exim-4.94-RC2","exim-4.95","exim-4.95-RC0","exim-4.95-RC1","exim-4.95-RC2","exim-4.96-RC0","exim-4.96-RC1","exim-4.96-RC2","exim-4_50","exim-4_51","exim-4_52","exim-4_53","exim-4_54","exim-4_61","exim-4_62","exim-4_63","exim-4_64","exim-4_65","exim-4_66","exim-4_67","exim-4_68","exim-4_69","exim-4_70","exim-4_70_RC3","exim-4_70_RC4","exim-4_71","exim-4_72","exim-4_72_RC1","exim-4_72_RC2","exim-4_73","exim-4_73_RC0","exim-4_73_RC00","exim-4_73_RC1","exim-4_74","exim-4_74_RC1","exim-4_75","exim-4_75_RC1","exim-4_75_RC2","exim-4_75_RC3","exim-4_76","exim-4_76_RC1","exim-4_76_RC2","exim-4_77","exim-4_77_RC1","exim-4_77_RC2","exim-4_77_RC3","exim-4_77_RC4","exim-4_80","exim-4_80_RC1","exim-4_80_RC2","exim-4_80_RC3","exim-4_80_RC4","exim-4_80_RC5","exim-4_80_RC6","exim-4_80_RC7","exim-4_82","exim-4_82_1","exim-4_82_RC1","exim-4_82_RC2","exim-4_82_RC3","exim-4_82_RC4","exim-4_82_RC5","exim-4_83","exim-4_83_RC1","exim-4_83_RC2","exim-4_83_RC3","exim-4_84","exim-4_84_RC1","exim-4_84_RC2","exim-4_85","exim-4_85_RC1","exim-4_85_RC2","exim-4_85_RC3","exim-4_85_RC4","exim-4_86","exim-4_86_RC1","exim-4_86_RC2","exim-4_86_RC3","exim-4_86_RC4","exim-4_86_RC5","exim-4_87","exim-4_87_RC1","exim-4_87_RC2","exim-4_87_RC3","exim-4_87_RC4","exim-4_87_RC5","exim-4_87_RC6","exim-4_87_RC7","exim-4_88","exim-4_88_RC1","exim-4_88_RC2","exim-4_88_RC3","exim-4_88_RC4","exim-4_88_RC5","exim-4_88_RC6","exim-4_89_RC1","exim-4_89_RC3","exim-4_90","exim-4_90_RC1","exim-4_90_RC2","exim-4_90_RC3","exim-4_90_RC4","exim-4_91","exim-4_91_RC1","exim-4_91_RC2","exim-4_91_RC3","exim-4_91_RC4","exim-4_94_RC0","list_safety_merge_proposal"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37451.json","vanir_signatures":[{"deprecated":false,"target":{"file":"src/src/auths/call_pam.c","function":"pam_converse"},"source":"https://github.com/exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42","digest":{"length":811,"function_hash":"295946521454783503544595364697051851463"},"signature_type":"Function","signature_version":"v1","id":"CVE-2022-37451-16f01ec1"},{"deprecated":false,"target":{"file":"src/src/auths/call_pam.c"},"source":"https://github.com/exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42","digest":{"line_hashes":["7178427177260541947017050315255501858","98985955715045176104540708459976533458","135003902434850882842777734942604854167","324845934968975742811553193365113630047"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","id":"CVE-2022-37451-a9fb0373"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}