CVE-2020-28015

Public on 2021-05-06

Modified on 2021-05-07

Description

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.

Severity

Important

See what this means

CVSS v3 Base Score

7.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	exim	2021-05-06 19:11	ALAS-2021-1497

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	7.2	AV:L/AC:L/Au:N/C:C/I:C/A:C
Amazon Linux	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD	CVSSv2	7.2	AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2020-28015 Mitre: CVE-2020-28015 FAQs regarding Amazon Linux ALAS/CVE Severity