CVE-2021-38371
Published 2021-08-10
CVE-2021-38371: The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
Priority: P3 · 43 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 2.00% (78.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.95~RC2-1 (bookworm) | exim4 4.95~RC2-1 (bookworm) |
| exim | exim | <= 4.94.2 | — |
CVSS provenance
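| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |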
Ubuntu
Exim vulnerability
vendor_ubuntu·2024-07-08
CVE-2021-38371 Exim vulnerability
Title: Exim vulnerability
Summary: Exim could be made to allow response injection if it received a specially
crafted response.
It was discovered that Exim did not enforce STARTTLS sync point on client
side. An attacker could possibly use this issue to perform response
injection during MTA SMTP sending.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2021-38371: exim4 - The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering...
vendor_debian·2021·CVSS 7.5
CVE-2021-38371 [HIGH] CVE-2021-38371: exim4 - The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering...
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
Scope: local
bookworm: resolved (fixed in 4.95~RC2-1)
bullseye: resolved (fixed in 4.94.2-7+deb11u4)
forky: resolved (fixed in 4.95~RC2-1)
sid: resolved (fixed in 4.95~RC2-1)
trixie: resolved (fixed in 4.95~RC2-1)
GHSA
GHSA-8gh2-336j-g8v7: The STARTTLS feature in Exim through 4
ghsa_unreviewed·2022-05-24
CVE-2021-38371 [HIGH] CWE-74 GHSA-8gh2-336j-g8v7: The STARTTLS feature in Exim through 4
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
OSV
CVE-2021-38371: The STARTTLS feature in Exim through 4
osv·2021-08-10·CVSS 7.5
CVE-2021-38371 [HIGH] CVE-2021-38371: The STARTTLS feature in Exim through 4
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-08-10
Published