Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
CVSS Score
5.3
EPSS Score
0.032
Published
2023-12-24
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.
CVSS Score
4.6
EPSS Score
0.001
Published
2022-10-17
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVSS Score
9.8
EPSS Score
0.017
Published
2022-08-07
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
CVSS Score
7.5
EPSS Score
0.039
Published
2022-08-06
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
CVSS Score
7.5
EPSS Score
0.019
Published
2021-08-10
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
CVSS Score
6.3
EPSS Score
0.001
Published
2021-05-06
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-05-06
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-05-06
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).
CVSS Score
7.8
EPSS Score
0.001
Published
2021-05-06
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
CVSS Score
7.8
EPSS Score
0.001
Published
2021-05-06
Page 1