CVE-2014-2972
Severity: Unknown · EPSS 0.49%
CVE-2014-2972 is a vulnerability of currently unknown severity. expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Exim | Exim | <= 4.82.1 |
| Exim | Exim | 4.00 |
| Exim | Exim | 4.01 |
| Exim | Exim | 4.02 |
| Exim | Exim | 4.03 |
| Exim | Exim | 4.04 |
| Exim | Exim | 4.05 |
| Exim | Exim | 4.10 |
| Exim | Exim | 4.11 |
| Exim | Exim | 4.12 |
| Exim | Exim | 4.14 |
| Exim | Exim | 4.20 |
| Exim | Exim | 4.21 |
| Exim | Exim | 4.22 |
| Exim | Exim | 4.23 |
| Exim | Exim | 4.24 |
| Exim | Exim | 4.30 |
| Exim | Exim | 4.31 |
| Exim | Exim | 4.32 |
| Exim | Exim | 4.33 |
| Exim | Exim | 4.34 |
| Exim | Exim | 4.40 |
| Exim | Exim | 4.41 |
| Exim | Exim | 4.42 |
| Exim | Exim | 4.43 |
| Exim | Exim | 4.44 |
| Exim | Exim | 4.50 |
| Exim | Exim | 4.51 |
| Exim | Exim | 4.52 |
| Exim | Exim | 4.53 |
| Exim | Exim | 4.54 |
| Exim | Exim | 4.60 |
| Exim | Exim | 4.61 |
| Exim | Exim | 4.62 |
| Exim | Exim | 4.63 |
| Exim | Exim | 4.64 |
| Exim | Exim | 4.65 |
| Exim | Exim | 4.66 |
| Exim | Exim | 4.67 |
| Exim | Exim | 4.68 |
| Exim | Exim | 4.69 |
| Exim | Exim | 4.70 |
| Exim | Exim | 4.71 |
| Exim | Exim | 4.72 |
| Exim | Exim | 4.73 |
| Exim | Exim | 4.74 |
| Exim | Exim | 4.75 |
| Exim | Exim | 4.76 |
| Exim | Exim | 4.77 |
| Exim | Exim | 4.80 |
Showing 50 of 52 affected configurations. See NVD for the full list.
References
- https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
How severe is CVE-2014-2972?
Severity scoring for CVE-2014-2972 is pending analysis. The EPSS model estimates a 0.49% probability of exploitation in the next 30 days.
How do I fix CVE-2014-2972?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
