https://bugs.exim.org/show_bug.cgi?id=3001
Jeremy Harris <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |high Assignee|[email protected] |[email protected] CC| |[email protected] Component|Unfiled |SMTP Authentication Summary|(placeholder) |infoleak in SPA | |authenticator, client --- Comment #1 from Jeremy Harris <[email protected]> --- ZDI-CAN-17433 (Trend Micro) A crafted SPA challenge from the server can cause the client authenticator to read OOB; the data is then returned to the server. Fix: validate the offset contained in the challenge, to avoid reading past the end of the challenge data structure. Vulnerable since at least 4.50, probably longer. -- You are receiving this mail because: You are on the CC list for the bug. -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
