CVE-2023-42119

LOW Year: 2023
CVSS v3 Score
3.1
Low
Weakness Type
CWE-125
View all →

Vulnerability Description

Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. . Was ZDI-CAN-17643.

Related Vulnerabilities

CVE-2016-2380

LOW
CVSS:3.1(Low)

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced t...

CWE-1252016

CVE-2019-10209

LOW
CVSS:3.1(Low)

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

CWE-1252019

CVE-2024-6874

LOW
CVSS:3.1(Low)

libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends ...

CWE-1252024

CVE-2025-1399

LOW
CVSS:3.1(Low)

Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

CWE-1252025

CVE-2025-1400

LOW
CVSS:3.1(Low)

Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

CWE-1252025

CVE-2020-13362

LOW
CVSS:3.2(Low)

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

CWE-1252020