CVE-2019-16928
Published: 27 September 2019
Summary
CVE-2019-16928 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Fedoraproject Fedora. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Exim versions 4.92 through 4.92.2 contain a heap-based buffer overflow in the string_vformat function within string.c. The flaw is triggered by an overly long EHLO command and is distinct from the separate issue tracked as CVE-2019-15846. It is assigned CWE-787 and carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low complexity, and no required privileges or user interaction.
An unauthenticated remote attacker can send a crafted EHLO command to an affected Exim server and achieve arbitrary code execution with full impact on confidentiality, integrity, and availability. The vulnerability is exploitable over the network without any authentication or special conditions.
Public advisories and technical details, including potential mitigation steps and patch information, are discussed in the referenced Openwall mailing-list posts and the Exim bug tracker entry at https://bugs.exim.org/show_bug.cgi?id=2449. No information on observed in-the-wild exploitation is provided in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-7422
Vulnerability details
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
- CWE(s): CWE-787
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly mitigates the heap buffer overflow by enforcing validation of EHLO command length and format before string_vformat processing.
- SI-2 (Flaw Remediation): Requires timely application of vendor patches that eliminate the vulnerable string_vformat code path in Exim 4.92-4.92.2.
- Restricts network exposure of the unauthenticated Exim SMTP listener, reducing the attack surface for remote EHLO-based exploitation.
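As an added illustration of the two defender-side checks implied by the analysis and the controls above, namely confirming whether an Exim build falls in the affected 4.92 through 4.92.2 range and flagging EHLO commands with abnormally long arguments, the script below is example code written for this page, not code from Exim or from the advisory. The EHLO length threshold and the sample SMTP session are assumptions.

```python
"""Defender-side checks for CVE-2019-16928 (added example, not advisory code).

Checks: (1) does an Exim version string or banner fall in 4.92 .. 4.92.2,
(2) does an SMTP session transcript contain an EHLO/HELO whose argument
exceeds a length threshold. MAX_EHLO_ARG is an assumed threshold chosen
for illustration (legitimate EHLO arguments are hostnames), not a value
taken from the advisory.
"""
import re

AFFECTED_MIN = (4, 92, 0)   # first affected release: 4.92
AFFECTED_MAX = (4, 92, 2)   # last affected release: 4.92.2
MAX_EHLO_ARG = 255           # assumed threshold: RFC 5321 hostname limit


def parse_exim_version(banner_or_version: str):
    """Return (major, minor, patch) from '4.92.2' or an Exim banner line, else None."""
    m = re.search(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b", banner_or_version)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected_version(banner_or_version: str) -> bool:
    """True when the parsed version lies in 4.92 .. 4.92.2 inclusive."""
    v = parse_exim_version(banner_or_version)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX


def oversized_ehlo_lines(session_lines, max_len=MAX_EHLO_ARG):
    """Return (line_no, arg_len) for each EHLO/HELO whose argument exceeds max_len."""
    hits = []
    for no, line in enumerate(session_lines, 1):
        m = re.match(r"\s*(EHLO|HELO)\s+(\S*)", line, re.IGNORECASE)
        if m and len(m.group(2)) > max_len:
            hits.append((no, len(m.group(2))))
    return hits


# Constructed sample session (not captured traffic): a normal EHLO, then an oversized one.
SAMPLE_SESSION = [
    "220 mail.example.test ESMTP Exim 4.92.2",
    "EHLO client.example.test",
    "EHLO " + "a" * 1200,
    "QUIT",
]

if __name__ == "__main__":
    print("server version affected:", is_affected_version(SAMPLE_SESSION[0]))
    print("oversized EHLO lines:", oversized_ehlo_lines(SAMPLE_SESSION))
```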