{"id":"CVE-2017-1000369","details":"Exim supports the use of multiple \"-p\" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects Exim version 4.89 and earlier. Please note that upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known whether a new point release that addresses this issue is available at this time.","modified":"2026-04-11T04:47:15.788508Z","published":"2017-06-19T16:29:00.343Z","related":["openSUSE-SU-2021:0677-1","openSUSE-SU-2021:0753-1","openSUSE-SU-2021:0754-1","openSUSE-SU-2024:10746-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-19"},{"type":"ADVISORY","url":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3888"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99252"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038779"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2017-1000369"},{"type":"FIX","url":"https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exim/exim","events":[{"introduced":"0"},{"last_affected":"98ed60088eaf8ffd8bfdcc27643a116191f16340"},{"introduced":"0"},{"last_affected":"57091745e6d5ce4259c645b3ac63838668d55b7f"},{"introduced":"0"},{"last_affected":"4ae758e46af02b9da0f28fdbfad83eea5e0dffbe"},{"introduced":"0"},{"last_affected":"317e40ac8b1b816f4a22620a5647c6258de61598"},{"introduced":"0"},{"last_affected":"1a2dfad52a761f9b3ea139e68df37a3739c7da8a"},{"introduced":"0"},{"last_affected":"dd7b74e90a96eaf109796d8f9499578571a1572c"},{"introduced":"0"},{"last_affected":"b3200ced2a89fa536907e70e67f80860d1df20b6"},{"introduced":"0"},{"last_affected":"53621a47bcdce24b63663d5402ac4826a5a5a32c"},{"introduced":"0"},{"la
st_affected":"38903fb5b864ee99904d035337c66891604d9678"},{"introduced":"0"},{"last_affected":"d4e5e70b6c47bc30f9d6ce8300326ffc9fde79f1"},{"introduced":"0"},{"last_affected":"f2613b851682dacdbf6edb9c8f094cfa00e22b9f"},{"introduced":"0"},{"last_affected":"00f7a87b04290db615ec29584e0554928fca81c7"},{"introduced":"0"},{"last_affected":"e1054c675575d47d6289d7e92aa79e09ca05c3e4"},{"introduced":"0"},{"last_affected":"bb33d92ccb5a2aed3219a99e2fd3f3df48fb00de"},{"introduced":"0"},{"last_affected":"b4fa2a49f3d386c6e92e77d3c0d427fb9c15888d"},{"introduced":"0"},{"last_affected":"f5e69651703fc6cd7645ea4b4ce00d030a3c311b"},{"fixed":"65e061b76867a9ea7aeeb535341b790b90ae6c21"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.87.1"},{"introduced":"0"},{"last_affected":"4.88-NA"},{"introduced":"0"},{"last_affected":"4.88-rc1"},{"introduced":"0"},{"last_affected":"4.88-rc2"},{"introduced":"0"},{"last_affected":"4.88-rc3"},{"introduced":"0"},{"last_affected":"4.88-rc4"},{"introduced":"0"},{"last_affected":"4.88-rc5"},{"introduced":"0"},{"last_affected":"4.88-rc6"},{"introduced":"0"},{"last_affected":"4.89-NA"},{"introduced":"0"},{"last_affected":"4.89-rc1"},{"introduced":"0"},{"last_affected":"4.89-rc2"},{"introduced":"0"},{"last_affected":"4.89-rc3"},{"introduced":"0"},{"last_affected":"4.89-rc4"},{"introduced":"0"},{"last_affected":"4.89-rc5"},{"introduced":"0"},{"last_affected":"4.89-rc6"},{"introduced":"0"},{"last_affected":"4.89-rc7"}]}}],"versions":["DEVEL_PDKIM_START","exim-4.90devstart","exim-4_50","exim-4_51","exim-4_52","exim-4_53","exim-4_54","exim-4_61","exim-4_62","exim-4_63","exim-4_64","exim-4_65","exim-4_66","exim-4_67","exim-4_68","exim-4_69","exim-4_70","exim-4_70_RC3","exim-4_70_RC4","exim-4_71","exim-4_72","exim-4_72_RC1","exim-4_72_RC2","exim-4_73","exim-4_73_RC00","exim-4_73_RC1","exim-4_74","exim-4_74_RC1","exim-4_75","exim-4_75_RC1","exim-4_75_RC2","exim-4_75_RC3","exim-4_76","exim-4_76_RC1","exim-4_76_RC2","exim-4_77","exim-4_77_RC1","ex
im-4_77_RC2","exim-4_77_RC3","exim-4_77_RC4","exim-4_80","exim-4_80_RC1","exim-4_80_RC2","exim-4_80_RC3","exim-4_80_RC4","exim-4_80_RC5","exim-4_80_RC6","exim-4_80_RC7","exim-4_82","exim-4_82_RC1","exim-4_82_RC2","exim-4_82_RC3","exim-4_82_RC4","exim-4_82_RC5","exim-4_83","exim-4_83_RC1","exim-4_83_RC2","exim-4_83_RC3","exim-4_84","exim-4_84_RC1","exim-4_84_RC2","exim-4_85","exim-4_85_RC1","exim-4_85_RC2","exim-4_85_RC3","exim-4_85_RC4","exim-4_86","exim-4_86_RC1","exim-4_86_RC2","exim-4_86_RC3","exim-4_86_RC4","exim-4_86_RC5","exim-4_87","exim-4_87_1","exim-4_87_RC1","exim-4_87_RC2","exim-4_87_RC3","exim-4_87_RC4","exim-4_87_RC5","exim-4_87_RC6","exim-4_87_RC7","exim-4_88","exim-4_88_RC1","exim-4_88_RC2","exim-4_88_RC3","exim-4_88_RC4","exim-4_88_RC5","exim-4_88_RC6","exim-4_89","exim-4_89_RC1","exim-4_89_RC2","exim-4_89_RC3","exim-4_89_RC4","exim-4_89_RC5","exim-4_89_RC6","exim-4_89_RC7"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:47:15Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures":[{"id":"CVE-2017-1000369-2d4f42a9","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21","target":{"file":"src/src/exim.c"},"digest":{"line_hashes":["38488530320842470824616492725579972249","79606996488806108233328364524732095279","283894696414702954052563933938780906082","108584226054236280939790936839653366672","151384877497265530925305136925611819412","335622212625325209041321625245009772535","205292432811187591063234023478821436168","118920449216836268319752180160249136072"],"threshold":0.9}},{"id":"CVE-2017-1000369-923df71b","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21","target":{"function":"main","file":"src/src/exim.c"},"digest":{"length":6
7179,"function_hash":"211929463205635578468219543010107225043"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000369.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}