Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

Reference:
https://bugs.exim.org/show_bug.cgi?id=2571

Upstream commits:
https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86
https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
Created exim tracking bugs for this issue:
Affects: epel-all [bug 1836364]
Affects: fedora-all [bug 1836363]
Statement: This flaw does not affect Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, or Red Hat Enterprise Linux 8.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12783