Bugzilla – Bug 1202204
VUL-0: CVE-2022-37451: exim: invalid free
Last modified: 2023-10-04 06:30:37 UTC
CVE-2022-37451
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37451
https://www.openwall.com/lists/oss-security/2022/08/06/1
https://github.com/ivd38/exim_invalid_free
https://github.com/Exim/exim/compare/exim-4.95...exim-4.96
http://www.cvedetails.com/cve/CVE-2022-37451/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37451
https://github.com/Exim/exim/wiki/EximSecurity
https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42
https://cwe.mitre.org/data/definitions/762.html
https://lists.exim.org/lurker/message/20220625.141825.d6de6074.en.html
https://www.exim.org/static/doc/security/
already fixed in Factory, still open for openSUSE:Backports:*:Update
This is an autogenerated message for OBS integration:
This bug (1202204) was mentioned in
https://build.opensuse.org/request/show/993692 Backports:SLE-12-SP4+Backports:SLE-15-SP3+Backports:SLE-15-SP4 / exim
fix via update https://build.opensuse.org/request/show/993692