Infinite loop in exim (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-16944 |
| CWE-ID | CWE-835 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
exim (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Infinite loop
EUVDB-ID: #VU9428
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16944
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to infinite loop in bdat_getc(). A remote attacker can connect to the SMTP service, send a specially crafted BDAT command, consume all available stack memory and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsexim (Alpine package): 4.89-r7
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=3cf81f9927c2ca7bbe6e3419fbab2eec08a9e8cb
https://git.alpinelinux.org/aports/commit/?id=c6ea9f9f7a7f5f3a5007438e551d8d444e96d5d9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
