cbcvebase.
CVE-2011-1764
published 2011-10-05


Priority P342 | high | 7.5 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.94% (89.1th percentile)

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

Affected

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.75-3 (bookworm) | exim4 4.75-3 (bookworm) |
| exim | exim | <= 4.75 | |

CVSS provenance

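| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |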