Arch Linux: Denial of service (CVE-2017-1000369)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:P/A:N) | Jun 19, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Description
An uncontrolled resource consumption flaw has been discovered in Exim before 4.89.1. Memory that is malloc()'ed for each of multiple "-p" command-line arguments is never free()'ed, so the process leaks memory. While Exim itself is not vulnerable to privilege escalation, this flaw can be used together with the stackguard vulnerability to achieve privilege escalation.
Solution
arch-linux-upgrade-latest
References
- CVE-2017-100036
- https://attackerkb.com/topics/CVE-2017-100036
- http://www.debian.org/security/2017/dsa-3888
- http://www.securityfocus.com/bid/99252
- http://www.securitytracker.com/id/1038779
- https://access.redhat.com/security/cve/CVE-2017-1000369
- https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
- https://security.archlinux.org/ASA-201711-32
- https://security.gentoo.org/glsa/201709-19
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- CWE-404