CVE-2010-4344 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-4344 Interim 1 14 2024-09-29T01:58:03Z current 2021-05-30T12:54:57Z 2024-09-29T01:58:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-4344 Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RGCO5TJU5JPUGUAWERLZDKBEO53YZAG6/#RGCO5TJU5JPUGUAWERLZDKBEO53YZAG6 E-Mail link for SUSE-SA:2010:059 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed exim-4.86.2-2.2 eximon-4.86.2-2.2 eximstats-html-4.86.2-2.2 exim-4.86.2-2.2 as a component of openSUSE Tumbleweed eximon-4.86.2-2.2 as a component of openSUSE Tumbleweed eximstats-html-4.86.2-2.2 as a component of openSUSE Tumbleweed Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. CVE-2010-4344 openSUSE Tumbleweed:exim-4.86.2-2.2 openSUSE Tumbleweed:eximon-4.86.2-2.2 openSUSE Tumbleweed:eximstats-html-4.86.2-2.2 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H