Unrated severityNVD Advisory· Published Dec 24, 2023· Updated Nov 4, 2025
CVE-2023-51766
CVE-2023-51766
Description
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25- osv-coords23 versionspkg:apk/chainguard/eximpkg:apk/chainguard/exim-cdbpkg:apk/chainguard/exim-dbmdbpkg:apk/chainguard/exim-dnsdbpkg:apk/chainguard/exim-docpkg:apk/chainguard/exim-mysqlpkg:apk/chainguard/exim-pgsqlpkg:apk/chainguard/exim-scriptspkg:apk/chainguard/exim-sqlitepkg:apk/chainguard/exim-utilspkg:apk/wolfi/eximpkg:apk/wolfi/exim-cdbpkg:apk/wolfi/exim-dbmdbpkg:apk/wolfi/exim-dnsdbpkg:apk/wolfi/exim-docpkg:apk/wolfi/exim-mysqlpkg:apk/wolfi/exim-pgsqlpkg:apk/wolfi/exim-scriptspkg:apk/wolfi/exim-sqlitepkg:apk/wolfi/exim-utilspkg:rpm/opensuse/exim&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/exim&distro=openSUSE%20Tumbleweedpkg:rpm/suse/exim&distro=SUSE%20Package%20Hub%2015%20SP5
< 4.97.1-r0+ 22 more
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-r0
- (no CPE)range: < 4.97.1-bp155.5.9.1
- (no CPE)range: < 4.97.1-1.1
- (no CPE)range: < 4.97.1-bp155.5.9.1
Patches
Vulnerability mechanics
References
20- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/mitrevendor-advisory
- www.openwall.com/lists/oss-security/2023/12/24/1mitremailing-list
- www.openwall.com/lists/oss-security/2023/12/25/1mitremailing-list
- www.openwall.com/lists/oss-security/2023/12/29/2mitremailing-list
- www.openwall.com/lists/oss-security/2024/01/01/1mitremailing-list
- www.openwall.com/lists/oss-security/2024/01/01/2mitremailing-list
- www.openwall.com/lists/oss-security/2024/01/01/3mitremailing-list
- lists.debian.org/debian-lts-announce/2024/01/msg00002.htmlmitremailing-list
- bugs.exim.org/show_bug.cgimitre
- bugzilla.redhat.com/show_bug.cgimitre
- exim.org/static/doc/security/CVE-2023-51766.txtmitre
- fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.htmlmitre
- git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5camitre
- git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5mitre
- github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766mitre
- lwn.net/Articles/956533/mitre
- sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/mitre
- www.openwall.com/lists/oss-security/2023/12/23/2mitre
- www.youtube.com/watchmitre
News mentions
0No linked articles in our index yet.