Shodan
Vulnerabilities
Vulnerable Software
Exim:  >> Exim  >> 4.97  Security Vulnerabilities
CVE-2026-40684
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
CVSS Score
5.9
EPSS Score
0.001
Published
2026-04-30
CVE-2026-40685
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-04-30
CVE-2026-40686
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-04-30
CVE-2026-40687
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
CVSS Score
4.8
EPSS Score
0.001
Published
2026-04-30
CVE-2025-67896
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
CVSS Score
7.0
EPSS Score
0.001
Published
2025-12-14
CVE-2025-30232
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-03-28
CVE-2024-39929
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
CVSS Score
5.4
EPSS Score
0.603
Published
2024-07-04
CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
CVSS Score
5.3
EPSS Score
0.016
Published
2023-12-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved