CVE-2022-3559

Published: Oct 17, 2022Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.

Affected (4)

Products: Exim: Exim · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Exim Exim	Before 4.97

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (13)

https://bugs.exim.org/show_bug.cgi?id=2915

Source: cna@vuldb.com

PatchVendor Advisory

https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2

Source: cna@vuldb.com

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://vuldb.com/?id.211073

Source: cna@vuldb.com

Third Party Advisory

https://bugs.exim.org/show_bug.cgi?id=2915

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2024/10/msg00029.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://vuldb.com/?id.211073

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.