cbcvebase.

Debian Exim4 vulnerabilities

62 known vulnerabilities affecting debian/exim4.

Total CVEs
62
CISA KEV
5
actively exploited
Public exploits
10
Exploited in wild
7
Severity breakdown
CRITICAL16HIGH26MEDIUM11LOW9

Vulnerabilities

Page 3 of 4
CVE-2020-28025P3HIGHCVSS 7.5fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28025 [HIGH] CVE-2020-28025: exim4 - Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash doe... Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixe
debian
CVE-2020-28023P3HIGHCVSS 7.5fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28023 [HIGH] CVE-2020-28023: exim4 - Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sens... Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie: resolved (fixed in 4.94.2-1)
debian
CVE-2020-28013P3HIGHCVSS 7.8fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28013 [HIGH] CVE-2020-28013: exim4 - Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F... Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1)
debian
CVE-2020-28010P3HIGHCVSS 7.8fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28010 [HIGH] CVE-2020-28010: exim4 - Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while... Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie: r
debian
CVE-2020-28016P3HIGHCVSS 7.8fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28016 [HIGH] CVE-2020-28016: exim4 - Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is... Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie: resolved (fixed in 4.94.2-1)
debian
CVE-2020-28011P3HIGHCVSS 7.8fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28011 [HIGH] CVE-2020-28011: exim4 - Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two send... Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie: resolved (fixed in 4.94.2-1)
debian
CVE-2020-28012P3HIGHCVSS 7.8fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28012 [HIGH] CVE-2020-28012: exim4 - Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sp... Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie: resolved (fixed in 4.94.2-1)
debian
CVE-2022-37451P3HIGHCVSS 7.5fixed in exim4 4.95-4 (bookworm)2022
CVE-2022-37451 [HIGH] CVE-2022-37451: exim4 - Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because... Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Scope: local bookworm: resolved (fixed in 4.95-4) bullseye: resolved forky: resolved (fixed in 4.95-4) sid: resolved (fixed in 4.95-4) trixie: resolved (fixed in 4.95-4)
debian
CVE-2020-28009P3HIGHCVSS 7.8fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28009 [HIGH] CVE-2020-28009: exim4 - Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdi... Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days). Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.
debian
CVE-2004-0400P3HIGHCVSS 7.5fixed in exim4 4.33-1 (bookworm)2004
CVE-2004-0400 [HIGH] CVE-2004-0400: exim4 - Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax... Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check. Scope: local bookworm: resolved (fixed in 4.33-1) bullseye: resolved (fixed in 4.33-1) forky: resolved (fixed in 4.33-1) sid: resolved (fixed in 4.33-1) trixi
debian
CVE-2020-28015P3HIGHCVSS 7.8fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28015 [HIGH] CVE-2020-28015: exim4 - Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users... Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie: resolved (fixed in 4.
debian
CVE-2021-27216P4MEDIUMCVSS 6.3fixed in exim4 4.94.2-1 (bookworm)2021
CVE-2021-27216 [MEDIUM] CVE-2021-27216: exim4 - Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a ... Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie
debian
CVE-2016-9963P4MEDIUMCVSS 5.9fixed in exim4 4.88~RC6-2 (bookworm)2016
CVE-2016-9963 [MEDIUM] CVE-2016-9963: exim4 - Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signi... Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Scope: local bookworm: resolved (fixed in 4.88~RC6-2) bullseye: resolved (fixed in 4.88~RC6-2) forky: resolved (fixed in 4.88~RC6-2) sid: resolved (fixed in 4.88~RC6-2) trixie: resolved (fixed in 4.88~RC6-2)
debian
CVE-2014-2972P4LOWCVSS 4.6fixed in exim4 4.82.1-2 (bookworm)2014
CVE-2014-2972 [MEDIUM] CVE-2014-2972: exim4 - expand.c in Exim before 4.83 expands mathematical comparisons twice, which allow... expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Scope: local bookworm: resolved (fixed in 4.82.1-2) bullseye: resolved (fixed in 4.82.1-2) forky: resolved (fixed in 4.82.1-2) sid: resolved (fixed in 4.82.1-2) trixie: resolved (fixed in 4.82.1-2)
debian
CVE-2023-51766P4MEDIUMCVSS 5.3fixed in exim4 4.96-15+deb12u4 (bookworm)2023
CVE-2023-51766 [MEDIUM] CVE-2023-51766: exim4 - Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configur... Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not. Scope: local bookworm: resolve
debian
CVE-2020-28014P4MEDIUMCVSS 6.1fixed in exim4 4.94.2-1 (bookworm)2020
CVE-2020-28014 [MEDIUM] CVE-2020-28014: exim4 - Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP optio... Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. Scope: local bookworm: resolved (fixed in 4.94.2-1) bullseye: resolved (fixed in 4.94.2-1) forky: resolved (fixed in 4.94.2-1) sid: resolved (fixed in 4.94.2-1) trixie: resolved (
debian
CVE-2005-0022P4MEDIUMCVSS 4.6fixed in exim4 4.34-10 (bookworm)2005
CVE-2005-0022 [MEDIUM] CVE-2005-0022: exim4 - Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as origi... Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. Scope: local bookworm: resolved (fixed in 4.34-10) bullseye: resolved (fixed in 4.34-10) forky: resolved (fixed in 4.34-10) sid: resolved
debian
CVE-2011-0017P4MEDIUMCVSS 6.9fixed in exim4 4.72-4 (bookworm)2011
CVE-2011-0017 [MEDIUM] CVE-2011-0017: exim4 - The open_log function in log.c in Exim 4.72 and earlier does not check the retur... The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. Scope: local bookworm: resolved (fixed in 4.72-4) bullseye: resolved (fixed in 4.72-4) forky: resolved (fixed in 4.72-4) sid: resolved (fixed in 4.72-4)
debian
CVE-2023-42119P4LOWCVSS 3.1fixed in exim4 4.96-15+deb12u3 (bookworm)2023
CVE-2023-42119 [LOW] CVE-2023-42119: exim4 - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnera... Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the l
debian
CVE-2010-2024P4LOWCVSS 4.4fixed in exim4 4.72-1 (bookworm)2010
CVE-2010-2024 [MEDIUM] CVE-2010-2024: exim4 - transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows... transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. Scope: local bookworm: resolved (fixed in 4.72-1) bullseye: resolved (fixed in 4.72-1) forky: resolved (f
debian
Debian Exim4 vulnerabilities | cvebase