Vulnerability in N/a
CVE-2020-28018
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
EPSS: 0.659 (98.5th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt (x_refsource_MISC)
- [oss-security] 20210511 [CVE-2020-28018] Use-After-Free on Exim Question (mailing-list, x_refsource_MLIST)
- [oss-security] 20210511 Re: [CVE-2020-28018] Use-After-Free on Exim Question (mailing-list, x_refsource_MLIST)
- [oss-security] 20210511 Re: [CVE-2020-28018] Use-After-Free on Exim Question (mailing-list, x_refsource_MLIST)
- [oss-security] 20210511 Re: [CVE-2020-28018] Use-After-Free on Exim Question (mailing-list, x_refsource_MLIST)
- [oss-security] 20210511 Re: [CVE-2020-28018] Use-After-Free on Exim Question (mailing-list, x_refsource_MLIST)
- [oss-security] 20210512 Re: [CVE-2020-28018] Use-After-Free on Exim Question (mailing-list, x_refsource_MLIST)
- [oss-security] 20210512 Re: [CVE-2020-28018] Use-After-Free on Exim Question (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2020-28018?
- CVE-2020-28018 is a vulnerability in N/a. Published 2021-05-06.
- Is CVE-2020-28018 known to be exploited?
- 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.