CVE-2022-3620: 
Exim vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in Exim mail transfer agent, specifically affecting the dmarcdnslookup function in the dmarc.c file of the DMARC Handler component. The vulnerability was assigned CVE-2022-3620 and was fixed in October 2022 (Debian Security).

The vulnerability exists in the dmarcdnslookup function within the DMARC (Domain-based Message Authentication, Reporting, and Conformance) handler component of Exim. The issue involves improper handling of memory that leads to a use-after-free condition. The vulnerability was patched with commit 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 in the Exim source code (Debian Security).

The vulnerability could potentially lead to unauthorized access to memory after it has been freed, which could result in program crashes or potential code execution. The issue affects various versions of Exim before the patch was applied (Fedora Update).

The vulnerability was fixed in various distribution releases including Fedora 35, 36, and 37 with version 4.96-5. Users are advised to update their Exim installations to the patched versions. For Fedora users, the fix can be applied using the dnf upgrade command with the appropriate advisory (Fedora Update).