Exim: community verdicts
3 notable / known-exploited Exim CVEs the community has triaged.
Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Exim CVE, see NVD.
- CVE-2019-10149 (Critical, CVSS 9.8; KEV; EPSS 100%)
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
- CVE-2018-6789 (Critical, CVSS 9.8; KEV; EPSS 82%)
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
- CVE-2010-4344 (Critical, CVSS 9.8; KEV; EPSS 72%)
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.