CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30232 – Exim Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-30232
27 Mar 2025 — A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Exim. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the dp command line parameter. The issue results from the lack of validating the existence of an object prior to per... • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •
CVSS: 5.3EPSS: 3%CPEs: 7EXPL: 1CVE-2023-51766 – Debian Security Advisory 5597-1
https://notcve.org/view.php?id=CVE-2023-51766
24 Dec 2023 — Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 3.7EPSS: 12%CPEs: 1EXPL: 0CVE-2023-42114 – Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42114
27 Sep 2023 — Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://www.zerodayinitiative.com/advisories/ZDI-23-1468 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 6%CPEs: 1EXPL: 0CVE-2023-42116 – Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42116
27 Sep 2023 — Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://www.zerodayinitiative.com/advisories/ZDI-23-1470 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 63%CPEs: 1EXPL: 2CVE-2023-42115 – Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42115
27 Sep 2023 — Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. • https://github.com/kirinse/cve-2023-42115 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-37452 – Ubuntu Security Notice USN-5574-1
https://notcve.org/view.php?id=CVE-2022-37452
07 Aug 2022 — Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Exim versiones anteriores a 4.95, presenta un desbordamiento de búfer en la región heap de la memoria para la lista de alias en la función host_name_lookup en el archivo host.c cuando sender_host_name está establecido It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. • https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 1CVE-2022-37451
https://notcve.org/view.php?id=CVE-2022-37451
06 Aug 2022 — Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Exim versiones anteriores a 4.96, presenta una liberación no válida en el archivo pam_converse en auths/call_pam.c porque store_free no es usada después de store_malloc • https://cwe.mitre.org/data/definitions/762.html • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38371 – Ubuntu Security Notice USN-6881-1
https://notcve.org/view.php?id=CVE-2021-38371
10 Aug 2021 — The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. La función STARTTLS en Exim versiones hasta 4.94.2, permite la inyección de respuestas (buffering) durante el envío MTA SMTP It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending. • https://nostarttls.secvuln.info • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28016 – Ubuntu Security Notice USN-4934-2
https://notcve.org/view.php?id=CVE-2020-28016
06 May 2021 — Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. Exim 4 versiones anteriores a 4.94.2, permite una Escritura Fuera de Límites por dos pasos porque "-F ''" es manejado inapropiadamente con la función parse_fix_phrase USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2020-28026 only affected Ubuntu 16.04 ESM. It was discovered that Exim contained multiple... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28008 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28008
06 May 2021 — Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. Exim 4 versiones anteriores a 4.94.2, permite una ejecución con Privilegios Innecesarios. Debido a que Exim opera como root en el directorio spool (propiedad para un usuario no root), un atacante puede escribir ... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt • CWE-269: Improper Privilege Management •