CVE-2023-42117Improper Neutralization of Special Elements in Exim

CWE-138Improper Neutralization of Special ElementsCWE-77Command Injection12 documents9 sources
Severity
9.8CRITICALNVD
EPSS
7.3%
top 8.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Exim
Timeline
PublishedMay 3

Description

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDexim/exim< 4.96.2
CVEListV5exim/exim4.96-RC1-11-315206fbf

🔴Vulnerability Details

4
CVEList
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability2024-05-03
GHSA
GHSA-qf54-2qx8-3vcv: Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability2024-05-03
OSV
CVE-2023-42117: Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability2024-05-03
OSV
exim4 vulnerabilities2023-10-26

📋Vendor Advisories

3
Ubuntu
Exim vulnerabilities2023-10-26
Red Hat
Exim: Improper Neutralization of Special Elements Remote Code Execution Vulnerability2023-09-27
Debian
CVE-2023-42117: exim4 - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerabi...2023

🕵️Threat Intelligence

4
Wiz
Exim 0day Vulnerabilities: Everything You Need to Know | Wiz Blog2023-10-02
Wiz
Exim 0day Vulnerabilities: Everything You Need to Know | Wiz Blog2023-10-02
Bleepingcomputer
Exim patches three of six zero-day bugs disclosed last week2023-10-02
Bleepingcomputer
Millions of Exim mail servers exposed to zero-day RCE attacks2023-09-29