Use After Free in exim-mysql | CVE-2017-16943

Q: How to fix?

Upgrade Amazon-Linux:2018.03 exim-mysql to version 0:4.89-4.17.amzn1 or higher. This issue was patched in ALAS-2017-932 .

Threat Intelligence

12.83% (96^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Use After Free vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-AMZN201803-EXIMMYSQL-1709610
published27 Sept 2021
disclosed25 Nov 2017

Report a new vulnerability Found a mistake?

Introduced: 25 Nov 2017

CVE-2017-16943 (opens in a new tab) CWE-416 (opens in a new tab)

How to fix?

Upgrade Amazon-Linux:2018.03 exim-mysql to version 0:4.89-4.17.amzn1 or higher.
This issue was patched in ALAS-2017-932.

NVD Description

Note: Versions mentioned in the description apply only to the upstream exim-mysql package and not the exim-mysql package as distributed by Amazon-Linux. See How to fix? for Amazon-Linux:2018.03 relevant fixed versions and status.

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

Use After Free Affecting exim-mysql package, versions <0:4.89-4.17.amzn1

Severity