CVE-2023-42115: Out-of-bounds Write in Exim

CWE-787: Out-of-bounds Write | 20 documents | 12 sources
Severity: 9.8 CRITICAL (NVD)
OSV: 5.3
EPSS: 70.7% (top 1.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 3
Latest update: Feb 18

Description

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability t

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD | exim/exim | < 4.96.1
CVEListV5 | exim/exim | exim 4.95

🔴 Vulnerability Details (4)

OSV | CVE-2023-42115: Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability | 2024-05-03
CVEList | Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability | 2024-05-03
GHSA | GHSA-67rj-8f2h-26fc: Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability | 2024-05-03
OSV | exim4 vulnerabilities | 2023-10-04

🔍 Detection Rules (1)

Suricata | ET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-42115) | 2023-10-03

📋 Vendor Advisories (3)

Ubuntu | Exim vulnerabilities | 2023-10-04
Red Hat | Exim: AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability | 2023-09-27
Debian | CVE-2023-42115: exim4 - Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerab... | 2023

🕵️ Threat Intelligence (11)

Wiz | RCE meaning: Remote code execution attacks explained | Wiz | 2026-02-18
Greynoiseio | GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs | 2025-02-26
Qualys | Defense Lessons From the Black Basta Ransomware Playbook | 2025-02-25
Qualys | Defense Lessons From the Black Basta Ransomware Playbook | Qualys | 2025-02-25