Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions.

Severity: 9.8 CRITICAL (NVD)
EPSS: 53.1% (top 2.03%)
CISA KEV: added 2022-03-25, due 2022-04-15
Exploit: exploited in the wild; active exploitation observed

Timeline
Published: Dec 14
KEV added: Mar 25
KEV due: Apr 15
Latest update: May 17

Description

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD: exim/exim < 4.70
Debian: debian/exim4 < exim4 4.70-1 (bookworm)
NVD: opensuse/opensuse 11.1, 11.2, 11.3 (+2 more)

Also affects: Debian Linux 5.0, Ubuntu Linux 6.06, 8.04, 9.10

Patches

Vulnerability Details (3)

GHSA: GHSA-mvgg-qcrq-7wr8: Heap-based buffer overflow in the string_vformat function in string (2022-05-17)
OSV: CVE-2010-4344: Heap-based buffer overflow in the string_vformat function in string (2010-12-14)
VulnCheck: Exim Heap-Based Buffer Overflow Vulnerability (2010)

Exploits & PoCs (4)

Exploit-DB: Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit) (2010-12-16)
Exploit-DB: Exim 4.63 - Remote Command Execution (2010-12-11)
Exploit-DB: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion (2010-11-20)
Metasploit: Exim4 string_format Function Heap Buffer Overflow

Vendor Advisories (4)

CISA: Exim Heap-Based Buffer Overflow Vulnerability (2022-03-25)
Ubuntu: Exim vulnerability (2010-12-11)
Red Hat: exim: remote code execution flaw (2010-12-07)
Debian: CVE-2010-4344: exim4 - Heap-based buffer overflow in the string_vformat function in string.c in Exim be... (2010)

Threat Intelligence (2)

Talos: Exim Remote Root (2010-12-14)
Talos: Exim Remote Root (2010-12-14)

Community (1)

Bugzilla: CVE-2010-4344 exim: remote code execution flaw (2010-12-09)