Debian Exim4 vulnerabilities
62 known vulnerabilities affecting debian/exim4.
Total CVEs: 62
CISA KEV: 5 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 16, HIGH 26, MEDIUM 11, LOW 9
Vulnerabilities
Page 1 of 4
CVE-2019-10149 [CRITICAL]: P1, CVSS 9.8, KEV, PoC; fixed in exim4 4.92~RC3-1 (bookworm); 2019
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Scope: local
bookworm: resolved (fixed in 4.92~RC3-1)
bullseye: resolved (fixed in 4.92~RC3-1)
forky: resolved (fixed in 4.92~RC3-1)
sid: resolved (fixed in 4.92~RC3-1)
trixie: re
CVE-2018-6789 [CRITICAL]: P1, CVSS 9.8, KEV, PoC, Ransomware; fixed in exim4 4.90.1-1 (bookworm); 2018
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Scope: local
bookworm: resolved (fixed in 4.90.1-1)
bullseye: resolved (fixed in 4.90.1-1)
forky: resolved (fixed in 4.90.1-1)
sid: resolved (fixed in 4.90.1-1)
trixie:
CVE-2010-4344 [CRITICAL]: P1, CVSS 9.8, KEV, PoC; fixed in exim4 4.70-1 (bookworm); 2010
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Scope: local
bookworm: resolved (fixed in 4.70-1)
bullseye: resolved (fix
CVE-2010-4345 [HIGH]: P1, CVSS 7.8, KEV, PoC; fixed in exim4 4.72-3 (bookworm); 2010
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Scope: local
bookworm: resolved (fixed in 4.72-3)
bullseye: resolved (fixed in 4.72-3)
forky: resolved (fixed in 4.72
CVE-2019-16928 [CRITICAL]: P1, CVSS 9.8, KEV; fixed in exim4 4.92.2-3 (bookworm); 2019
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
Scope: local
bookworm: resolved (fixed in 4.92.2-3)
bullseye: resolved (fixed in 4.92.2-3)
forky: resolved (fixed in 4.92.2-3)
sid: resolved (fixed in 4.92.2-3)
trix
CVE-2019-15846 [CRITICAL]: P1, CVSS 9.8, Exploited, PoC, Ransomware; fixed in exim4 4.92.1-3 (bookworm); 2019
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
Scope: local
bookworm: resolved (fixed in 4.92.1-3)
bullseye: resolved (fixed in 4.92.1-3)
forky: resolved (fixed in 4.92.1-3)
sid: resolved (fixed in 4.92.1-3)
trixie: resolved (fixed in 4.92.1-3)
CVE-2012-5671 [MEDIUM]: P2, CVSS 6.8, Exploited; fixed in exim4 4.80-5.1 (bookworm); 2012
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
Scope: local
bookworm: resolved (fixed in 4.80-5.1)
b
CVE-2017-16944 [HIGH]: P2, CVSS 7.5, PoC; fixed in exim4 4.89-13 (bookworm); 2017
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
Scope: local
bookworm: resolved (fixed in 4.89-13)
bu
CVE-2025-26794 [HIGH]: P2, severity badge LOW, CVSS 7.5; fixed in exim4 4.98-4 (forky); 2025
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 4.98-4)
sid: resolved (fixed in 4.98-4)
trixie: resolved (fixed in 4.98-4)
CVE-2023-42115 [CRITICAL]: P2, CVSS 9.8; fixed in exim4 4.96-15+deb12u2 (bookworm); 2023
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper
CVE-2023-42116 [CRITICAL]: P2, CVSS 9.8; fixed in exim4 4.96-15+deb12u2 (bookworm); 2023
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper
CVE-2023-42117 [CRITICAL]: P2, CVSS 9.8; fixed in exim4 4.96-15+deb12u3 (bookworm); 2023
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from
CVE-2017-16943 [CRITICAL]: P2, CVSS 9.8; fixed in exim4 4.89-12 (bookworm); 2017
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Scope: local
bookworm: resolved (fixed in 4.89-12)
bullseye: resolved (fixed in 4.89-12)
forky: resolved (fixed in 4.89-12)
sid: resolved (fixed in 4.89-1
CVE-2020-28017 [CRITICAL]: P2, CVSS 9.8; fixed in exim4 4.94.2-1 (bookworm); 2020
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
Scope: local
bookworm: resolved (fixed in 4.94.2-1)
bullseye: resolved (fixed in 4.94.2-1)
forky: resolved (fixed in 4.94.2-1)
sid: resolved (fixed
CVE-2020-28026 [CRITICAL]: P2, CVSS 9.8; fixed in exim4 4.94.2-1 (bookworm); 2020
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.
Scope: local
bookworm: resolved (fixed in 4.94.2
CVE-2020-28018 [CRITICAL]: P2, severity badge LOW, CVSS 9.8; fixed in exim4 4.94.2-1 (bookworm); 2020
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
Scope: local
bookworm: resolved (fixed in 4.94.2-1)
bullseye: resolved (fixed in 4.94.2-1)
forky: resolved (fixed in 4.94.2-1)
sid: resolved (fixed in 4.94.2-1)
trixie: resolved (fixed in 4.94.2-1)
CVE-2004-0399 [HIGH]: P3, CVSS 7.5, PoC; fixed in exim4 4.33-1 (bookworm); 2004
Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
Scope: local
bookworm: resolved (fixed in 4.33-1)
bullseye: resolved (fixed in 4.33-1)
forky: resolved (fixed in 4.33-1)
sid: resolved (fixed in
CVE-2020-28024 [CRITICAL]: P2, CVSS 9.8; fixed in exim4 4.94.2-1 (bookworm); 2020
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
Scope: local
bookworm: resolved (fixed in 4.94.2-1)
bullseye: resolved (fixed in 4.94.2-1)
forky: resolved (f
CVE-2020-28019 [HIGH]: P3, CVSS 7.5; fixed in exim4 4.94.2-1 (bookworm); 2020
Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.
Scope: local
bookworm: resolved (fixed in 4.94.2-1)
bullseye: resolved (fixed in 4.94.2-1)
forky: resolved (fixed in 4.94.2-1)
sid: resolved (
CVE-2016-1531 [HIGH]: P3, CVSS 7.0, PoC; fixed in exim4 4.86.2-1 (bookworm); 2016
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
Scope: local
bookworm: resolved (fixed in 4.86.2-1)
bullseye: resolved (fixed in 4.86.2-1)
forky: resolved (fixed in 4.86.2-1)
sid: resolved (fixed in 4.86.2-1)
trixie: resolved (fixed in 4.86.2-1)