Vulnerabilities > CVE-2022-37451 - Release of Invalid Pointer or Reference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
exim
fedoraproject
CWE-763

Summary

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

Vulnerable Configurations

Part Description Count
Application
Exim
152
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)