CVE-2011-1764 : Detail

CVE-2011-1764

9.72%V3
Network
2011-10-04
23h00 +00:00
2014-02-10
15h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Exim>>Exim >> Version To (including) 4.75

Exim>>Exim >> Version 2.10

Exim>>Exim >> Version 2.11

Exim>>Exim >> Version 2.12

Exim>>Exim >> Version 3.00

Exim>>Exim >> Version 3.01

Exim>>Exim >> Version 3.02

Exim>>Exim >> Version 3.03

Exim>>Exim >> Version 3.10

Exim>>Exim >> Version 3.11

Exim>>Exim >> Version 3.12

Exim>>Exim >> Version 3.13

Exim>>Exim >> Version 3.14

Exim>>Exim >> Version 3.15

Exim>>Exim >> Version 3.16

Exim>>Exim >> Version 3.20

Exim>>Exim >> Version 3.21

Exim>>Exim >> Version 3.22

Exim>>Exim >> Version 3.30

Exim>>Exim >> Version 3.31

Exim>>Exim >> Version 3.32

Exim>>Exim >> Version 3.33

Exim>>Exim >> Version 3.34

Exim>>Exim >> Version 3.35

Exim>>Exim >> Version 3.36

Exim>>Exim >> Version 4.00

Exim>>Exim >> Version 4.01

Exim>>Exim >> Version 4.02

Exim>>Exim >> Version 4.03

Exim>>Exim >> Version 4.04

Exim>>Exim >> Version 4.05

Exim>>Exim >> Version 4.10

Exim>>Exim >> Version 4.11

Exim>>Exim >> Version 4.12

Exim>>Exim >> Version 4.14

Exim>>Exim >> Version 4.20

Exim>>Exim >> Version 4.21

Exim>>Exim >> Version 4.22

Exim>>Exim >> Version 4.23

Exim>>Exim >> Version 4.24

Exim>>Exim >> Version 4.30

Exim>>Exim >> Version 4.31

Exim>>Exim >> Version 4.32

Exim>>Exim >> Version 4.33

Exim>>Exim >> Version 4.34

Exim>>Exim >> Version 4.40

Exim>>Exim >> Version 4.41

Exim>>Exim >> Version 4.42

Exim>>Exim >> Version 4.43

Exim>>Exim >> Version 4.44

Exim>>Exim >> Version 4.50

Exim>>Exim >> Version 4.51

Exim>>Exim >> Version 4.52

Exim>>Exim >> Version 4.53

Exim>>Exim >> Version 4.54

Exim>>Exim >> Version 4.60

Exim>>Exim >> Version 4.61

Exim>>Exim >> Version 4.62

Exim>>Exim >> Version 4.63

Exim>>Exim >> Version 4.64

Exim>>Exim >> Version 4.65

Exim>>Exim >> Version 4.66

Exim>>Exim >> Version 4.67

Exim>>Exim >> Version 4.68

Exim>>Exim >> Version 4.69

Exim>>Exim >> Version 4.70

Exim>>Exim >> Version 4.71

Exim>>Exim >> Version 4.72

Exim>>Exim >> Version 4.73

Exim>>Exim >> Version 4.74

References

http://secunia.com/advisories/51155
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2011/dsa-2232
Tags : vendor-advisory, x_refsource_DEBIAN