Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
Software | From | Fixed in |
---|---|---|
university_of_cambridge / exim | - | 4.40.x |
university_of_cambridge / exim | 4.41 | 4.41.x |
university_of_cambridge / exim | 4.42 | 4.42.x |