CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30232 – Debian Security Advisory 5887-1
https://notcve.org/view.php?id=CVE-2025-30232
27 Mar 2025 — A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. It was discovered that Exim incorrectly handled certain memory operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •
CVSS: 5.3EPSS: 8%CPEs: 7EXPL: 1CVE-2023-51766 – Debian Security Advisory 5597-1
https://notcve.org/view.php?id=CVE-2023-51766
24 Dec 2023 — Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42114 – Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42114
27 Sep 2023 — Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://www.zerodayinitiative.com/advisories/ZDI-23-1468 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 52%CPEs: 1EXPL: 2CVE-2023-42115 – Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42115
27 Sep 2023 — Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. • https://github.com/kirinse/cve-2023-42115 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 0CVE-2023-42116 – Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42116
27 Sep 2023 — Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://www.zerodayinitiative.com/advisories/ZDI-23-1470 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2022-37452 – Ubuntu Security Notice USN-5574-1
https://notcve.org/view.php?id=CVE-2022-37452
07 Aug 2022 — Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Exim versiones anteriores a 4.95, presenta un desbordamiento de búfer en la región heap de la memoria para la lista de alias en la función host_name_lookup en el archivo host.c cuando sender_host_name está establecido It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. • https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 1CVE-2022-37451
https://notcve.org/view.php?id=CVE-2022-37451
06 Aug 2022 — Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Exim versiones anteriores a 4.96, presenta una liberación no válida en el archivo pam_converse en auths/call_pam.c porque store_free no es usada después de store_malloc • https://cwe.mitre.org/data/definitions/762.html • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2021-38371 – Ubuntu Security Notice USN-6881-1
https://notcve.org/view.php?id=CVE-2021-38371
10 Aug 2021 — The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. La función STARTTLS en Exim versiones hasta 4.94.2, permite la inyección de respuestas (buffering) durante el envío MTA SMTP It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending. • https://nostarttls.secvuln.info • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28008 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28008
06 May 2021 — Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. Exim 4 versiones anteriores a 4.94.2, permite una ejecución con Privilegios Innecesarios. Debido a que Exim opera como root en el directorio spool (propiedad para un usuario no root), un atacante puede escribir ... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28009 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28009
06 May 2021 — Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days). Exim 4 versiones anteriores a 4.94.2 permite el Desbordamiento de Enteros para un Desbordamiento de Búfer porque la función get_stdinput permite lecturas ilimitadas que van acompañadas de aumentos ilimitados en una determinada v... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt • CWE-190: Integer Overflow or Wraparound •