CVE-2023-42119
Published 2024-05-03
CVE-2023-42119: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability.
Priority: P4 · 19 · low · 3.1 (CVSS 3.0)
AV:A / AC:H / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 1.59% (72.6th percentile)
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-17643.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.96-15+deb12u3 (bookworm) | exim4 4.96-15+deb12u3 (bookworm) |
| exim | exim | < 4.96.2 | 4.96.2 |
| exim | exim | — | — |
| ubuntu | exim4 | — | — |
CVSS provenance
nvd · v3.0 · 3.1 LOW · CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
osv · 9.8 CRITICAL
vendor_ubuntu · 9.8 CRITICAL
vendor_debian · 3.1 LOW
vendor_redhat · 3.1 LOW
Ubuntu
Exim regression
vendor_ubuntu·2026-06-10·CVSS 9.8
CVE-2023-42117 [CRITICAL] Exim regression
Title: Exim regression
Summary: USN-6455-1 introduced a regression in Exim
USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117
introduced a regression on Ubuntu 22.04 LTS that resulted in certain
connections logging a Taint mismatch error. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)
Instructions
Ubuntu
Exim vulnerabilities
vendor_ubuntu·2023-10-26·CVSS 9.8
CVE-2023-42117 [CRITICAL] Exim vulnerabilities
Title: Exim vulnerabilities
Summary: Several security issues were fixed in Exim.
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Exim: dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
vendor_redhat·2023-09-27·CVSS 3.1
CVE-2023-42119 [LOW] CWE-125 Exim: dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-17643.
An out-of-bounds read flaw was found in Exim which exists within the smtp service. The is
Debian
CVE-2023-42119: exim4 - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnera...
vendor_debian·2023·CVSS 3.1
CVE-2023-42119 [LOW] CVE-2023-42119: exim4 - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnera...
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-17643.
Scope: local
bookworm: resolved (fixed in 4.96-15+deb12u3)
bullseye: resolved (fixed in 4.94.2-7+deb11u4)
forky: resolved (fixed in 4.97~RC2-2)
sid: resolved (
OSV
CVE-2023-42119: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
osv·2024-05-03·CVSS 3.1
CVE-2023-42119 [LOW] CVE-2023-42119: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-17643.
GHSA
GHSA-hpcw-47wp-rc8h: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
ghsa_unreviewed·2024-05-03
CVE-2023-42119 [LOW] CWE-125 GHSA-hpcw-47wp-rc8h: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-17643.
OSV
exim4 vulnerabilities
osv·2023-10-26·CVSS 9.8
CVE-2023-42117 [CRITICAL] exim4 vulnerabilities
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)
No detection rules found.
No public exploits indexed.
Wiz
Exim 0day Vulnerabilities: Everything You Need to Know | Wiz Blog
blogs_wiz·2023-10-02·CVSS 9.8
CVE-2023-42115 [CRITICAL] Exim 0day Vulnerabilities: Everything You Need to Know | Wiz Blog
Multiple vulnerabilities were publicly disclosed by the Zero Day Initiative (ZDI) in Exim Mail Transfer Agent (MTA), including CVE-2023-42115, which is a critical vulnerability enabling unauthenticated attackers to remotely execute code on publicly exposed Exim servers with “External” authentication enabled. This issue results from improper input validation that leads to writing arbitrary code past the end of the buffer. The recommendation is to update Exim to patched versions, or if not possible, restrict remote access to Exim mail servers if you have “External” authentication enabled, or to switch to a different authentication method.
## What is CVE-2023-42115?
Exim is a very prevalent mail server, due in part to being the default MTA preinstalled on Debian and other Linux distribution
Bleepingcomputer
Exim patches three of six zero-day bugs disclosed last week
blogs_bleepingcomputer·2023-10-02·CVSS 5.3
CVE-2023-42115 [MEDIUM] Exim patches three of six zero-day bugs disclosed last week
## Exim patches three of six zero-day bugs disclosed last week
## Sergiu Gatlan
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution.
Discovered by an anonymous security researcher, the security flaw (CVE-2023-42115) is due to an Out-of-bounds Write weakness found in the SMTP service and can be exploited by remote unauthenticated attackers to execute code in the context of the service account.
"The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer," ZDI's advisory exp
Bleepingcomputer
Millions of Exim mail servers exposed to zero-day RCE attacks
blogs_bleepingcomputer·2023-09-29·CVSS 9.8
CVE-2023-42115 [CRITICAL] Millions of Exim mail servers exposed to zero-day RCE attacks
## Millions of Exim mail servers exposed to zero-day RCE attacks
## Sergiu Gatlan
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
Found by an anonymous security researcher and disclosed through Trend Micro's Zero Day Initiative (ZDI), the security bug (CVE-2023-42115) is due to an Out-of-bounds Write weakness found in the SMTP service.
While this type of issue can lead to software crashes or corruption of data following successful exploitation, it can also be abused by attackers for code or command execution on vulnerable servers.
"The specific flaw exists within the smtp service, which listens on TCP port 25 by default," a ZDI security advisory