CVE-2014-2972

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

Published: Sep 4, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2972
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
exim / exim	4.70	4.70.x
exim / exim	4.69	4.69.x
exim / exim	4.66	4.66.x
exim / exim	4.10	4.10.x
exim / exim	4.76	4.76.x
exim / exim	4.24	4.24.x
exim / exim	4.30	4.30.x
exim / exim	4.21	4.21.x
exim / exim	4.03	4.03.x
exim / exim	4.51	4.51.x
exim / exim	4.71	4.71.x
exim / exim	4.74	4.74.x
exim / exim	4.67	4.67.x
exim / exim	4.63	4.63.x
exim / exim	4.00	4.00.x
exim / exim	4.43	4.43.x
exim / exim	4.22	4.22.x
exim / exim	4.40	4.40.x
exim / exim	4.52	4.52.x
exim / exim	4.60	4.60.x
exim / exim	4.61	4.61.x
exim / exim	4.68	4.68.x
exim / exim	4.54	4.54.x
exim / exim	4.02	4.02.x
exim / exim	4.77	4.77.x
exim / exim	4.23	4.23.x
exim / exim	4.01	4.01.x
exim / exim	4.62	4.62.x
exim / exim	4.12	4.12.x
exim / exim	4.32	4.32.x
exim / exim	4.11	4.11.x
exim / exim	-	4.82.1.x
exim / exim	4.42	4.42.x
exim / exim	4.05	4.05.x
exim / exim	4.31	4.31.x
exim / exim	4.72	4.72.x
exim / exim	4.44	4.44.x
exim / exim	4.14	4.14.x
exim / exim	4.64	4.64.x
exim / exim	4.04	4.04.x
exim / exim	4.75	4.75.x
exim / exim	4.41	4.41.x
exim / exim	4.20	4.20.x
exim / exim	4.65	4.65.x
exim / exim	4.53	4.53.x
exim / exim	4.80	4.80.x
exim / exim	4.33	4.33.x
exim / exim	4.80.1	4.80.1.x
exim / exim	4.73	4.73.x
exim / exim	4.50	4.50.x
exim / exim	4.34	4.34.x
exim / exim	4.82	4.82.x

Vulnerability Database

289,697

CVE-2014-2972