CVE-2022-3620

CVSS V2 None CVSS V3 Critical 9.8
Description
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919.
Overview
  • CVE ID
  • CVE-2022-3620
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-10-20T20:15:09
  • Last Modified Date
  • 2023-01-20T02:26:08
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CWE-416 http://cwe.mitre.org/data/definitions/416.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:exim:exim:2022-10-18:*:*:*:*:*:*:* 1 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mailing List Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM/
https://vuldb.com/?id.211919 Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3620
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3620
History
Created Old Value New Value Data Type Notes
2022-10-20 21:00:10 Added to TrackCVE
2022-12-07 10:34:31 2022-10-20T20:15Z 2022-10-20T20:15:09 CVE Published Date updated
2022-12-07 10:34:31 2022-11-14T15:15:53 CVE Modified Date updated
2022-12-07 10:34:31 Undergoing Analysis Vulnerability Status updated
2022-12-07 10:34:58 References updated
2023-01-20 03:15:00 2023-01-20T02:26:08 CVE Modified Date updated
2023-01-20 03:15:00 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-20 03:15:00 Weakness Enumeration update