Upstream information

CVE-2022-3559 at MITRE

Description

A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 7.5
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1204427 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP3
  • exim >= 4.94.2-bp153.5.1
  • eximon >= 4.94.2-bp153.5.1
  • eximstats-html >= 4.94.2-bp153.5.1
Patchnames:
openSUSE-2022-10191
SUSE Package Hub 15 SP4
  • exim >= 4.94.2-bp154.2.3.1
  • eximon >= 4.94.2-bp154.2.3.1
  • eximstats-html >= 4.94.2-bp154.2.3.1
Patchnames:
openSUSE-2022-10168
SUSE Package Hub 15 SP5
  • exim >= 4.97.1-bp155.5.9.1
  • eximon >= 4.97.1-bp155.5.9.1
  • eximstats-html >= 4.97.1-bp155.5.9.1
Patchnames:
openSUSE-2024-7
openSUSE Leap 15.3
  • exim >= 4.94.2-bp153.5.1
  • eximon >= 4.94.2-bp153.5.1
  • eximstats-html >= 4.94.2-bp153.5.1
Patchnames:
openSUSE-2022-10191
openSUSE Leap 15.4
  • exim >= 4.94.2-bp154.2.3.1
  • eximon >= 4.94.2-bp154.2.3.1
  • eximstats-html >= 4.94.2-bp154.2.3.1
Patchnames:
openSUSE-2022-10168
openSUSE Leap 15.5
  • exim >= 4.97.1-bp155.5.9.1
  • eximon >= 4.97.1-bp155.5.9.1
  • eximstats-html >= 4.97.1-bp155.5.9.1
Patchnames:
openSUSE-2024-7
openSUSE Tumbleweed
  • exim >= 4.96-3.1
  • eximon >= 4.96-3.1
  • eximstats-html >= 4.96-3.1
Patchnames:
openSUSE-Tumbleweed-2024-12422


SUSE Timeline for this CVE

CVE page created: Tue Oct 18 00:00:18 2022
CVE page last modified: Tue Sep 3 19:24:23 2024