Published: 06/05/2021 Updated: 10/05/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Exim 4 prior to 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

exim exim

Vendor Advisories

A heap out-of-bounds read and write in extract_option() has been found in Exim before version 4942 ...
The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution Details can be found in the Qualys advisory at wwwqualyscom/2021/05/04/21nails/21nailstxt For the stable distribution (buster), these problems have been fixed in version 4 ...

Mailing Lists

Dear Exim-Users Abstract -------- Several exploitable vulnerabilities in Exim were reported to us and are fixed We have prepared a security release, tagged as "exim-4942" This release contains all changes on the exim-494+fixes branch plus security fixes You should update your Exim instances as soon as possible (See below for short upgra ...
Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim ======================================================================== Contents ======================================================================== Summary Local vulnerabilities - CVE-2020-28007: Link attack in Exim's log directory - CVE-2020-28008: Assorted attacks in Ex ...