Exim
by Exim
Source repositories
CVEs (74)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15846 | 0.05 | — | 0.36 | Sep 6, 2019 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |||
| CVE-2004-0399 | 0.05 | — | 0.21 | Jul 7, 2004 | Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification. | |||
| CVE-2001-0690 | 0.04 | — | 0.12 | Sep 20, 2001 | Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. | |||
| CVE-2005-0021 | 0.03 | — | 0.03 | May 2, 2005 | Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line… | |||
| CVE-2002-1381 | 0.03 | — | 0.02 | Dec 23, 2002 | Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value. | |||
| CVE-1999-0971 | 0.03 | — | 0.01 | Jul 22, 1997 | Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file. | |||
| CVE-2020-28020 | 0.02 | — | 0.08 | May 6, 2021 | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. | |||
| CVE-2023-42117 | 0.01 | — | 0.06 | May 3, 2024 | Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2023-42116 | 0.01 | — | 0.03 | May 3, 2024 | Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2023-42114 | 0.01 | — | 0.28 | May 3, 2024 | Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2019-13917 | 0.01 | — | 0.09 | Jul 25, 2019 | Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | |||
| CVE-2012-5671 | 0.01 | — | 0.08 | Oct 31, 2012 | Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via… | |||
| CVE-2004-0400 | 0.01 | — | 0.07 | Jul 7, 2004 | Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check. | |||
| CVE-2001-0889 | 0.01 | — | 0.06 | Dec 19, 2001 | Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters. | |||
| CVE-2025-67896 | 0.00 | — | 0.00 | Dec 14, 2025 | Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation. | |||
| CVE-2025-30232 | 0.00 | — | 0.01 | Mar 27, 2025 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | |||
| CVE-2023-42119 | 0.00 | — | 0.02 | May 3, 2024 | Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2023-51766 | 0.00 | — | 0.01 | Dec 24, 2023 | Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because… | |||
| CVE-2022-3620 | 0.00 | — | 0.01 | Oct 20, 2022 | A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is… | |||
| CVE-2022-3559 | 0.00 | — | 0.04 | Oct 17, 2022 | A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a… |
- CVE-2019-15846Sep 6, 2019risk 0.05cvss —epss 0.36
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
- CVE-2004-0399Jul 7, 2004risk 0.05cvss —epss 0.21
Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
- CVE-2001-0690Sep 20, 2001risk 0.04cvss —epss 0.12
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
- CVE-2005-0021May 2, 2005risk 0.03cvss —epss 0.03
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line…
- CVE-2002-1381Dec 23, 2002risk 0.03cvss —epss 0.02
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
- CVE-1999-0971Jul 22, 1997risk 0.03cvss —epss 0.01
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
- CVE-2020-28020May 6, 2021risk 0.02cvss —epss 0.08
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
- CVE-2023-42117May 3, 2024risk 0.01cvss —epss 0.06
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2023-42116May 3, 2024risk 0.01cvss —epss 0.03
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2023-42114May 3, 2024risk 0.01cvss —epss 0.28
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2019-13917Jul 25, 2019risk 0.01cvss —epss 0.09
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
- CVE-2012-5671Oct 31, 2012risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via…
- CVE-2004-0400Jul 7, 2004risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
- CVE-2001-0889Dec 19, 2001risk 0.01cvss —epss 0.06
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
- CVE-2025-67896Dec 14, 2025risk 0.00cvss —epss 0.00
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
- CVE-2025-30232Mar 27, 2025risk 0.00cvss —epss 0.01
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
- CVE-2023-42119May 3, 2024risk 0.00cvss —epss 0.02
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2023-51766Dec 24, 2023risk 0.00cvss —epss 0.01
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because…
- CVE-2022-3620Oct 20, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is…
- CVE-2022-3559Oct 17, 2022risk 0.00cvss —epss 0.04
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a…
Page 2 of 4