Barely two weeks later, the software's maintainers issued an advisory for a potentially troublesome bug identified as CVE-2019-16928, which was given the same critical rating. The issue is described as affecting all versions of Exim from 4.92 to 4.92.2 inclusive: a heap-based buffer overflow in string_vformat (string.c). The known exploit uses an extraordinarily long EHLO string to crash the Exim process that receives the message.

The "currently known exploit" refers to a proof of concept developed by QAX A-Team, which reported the flaw. At the very least this could lead to a denial-of-service crash in the software, but, more worryingly, it could also lead to remote code execution.

The flaw isn't being targeted in the wild yet, but there is a risk that this is only a matter of time, since it appears relatively simple to exploit. It's not as if there aren't enough Exim mail transfer agents to target: Shodan estimates that around 3.5 million servers are running the vulnerable version, just over half of the email servers on the internet.

Fixing the bug was easy enough. Jeremy Harris, developer of Exim, wrote: it's a straightforward coding error, not growing a string by enough. One-line fix. However, there is no mitigation for the bug, so the patched version 4.92.3 should be applied as quickly as possible.
# Keeping up
Exim has been in the wars of late. In addition to this week's CVE-2019-16928 and CVE-2019-15846, July saw another RCE, CVE-2019-13917, which arrived just weeks after the remote command execution flaw CVE-2019-10149. All unpatched flaws are important but, given Exim's history of being targeted by attackers, these are perhaps more important than most: attacks aimed at CVE-2019-10149, for example, were detected within a week of the flaw becoming public knowledge. Earlier this year, Exim admins were urged to hurry up and patch CVE-2018-6789, a February flaw that at least half a million servers had still not patched weeks ago.