VYPR

Vendor: Exim
Products: 3
CVEs: 76 (76 across products)
Status: Private

Recent CVEs (76)
  • CVE-2018-6789 · Critical · KEV · Feb 8, 2018
    risk 0.84 · CVSS 9.8 · EPSS 0.82

    An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

  • CVE-2010-4344 · Critical · KEV · Dec 14, 2010
    risk 0.84 · CVSS 9.8 · EPSS 0.72

    Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper…

  • CVE-2017-16943 · Critical · Nov 25, 2017
    risk 0.67 · CVSS 9.8 · EPSS 0.47

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

  • CVE-2010-4345 · High · KEV · Dec 14, 2010
    risk 0.67 · CVSS 7.8 · EPSS 0.18

    Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

  • CVE-2026-45185 · Critical · May 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection.…

  • CVE-2017-16944 · High · Nov 25, 2017
    risk 0.57 · CVSS 7.5 · EPSS 0.63

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the…

  • CVE-2016-1531 · High · Apr 7, 2016
    risk 0.49 · CVSS 7.0 · EPSS 0.06

    Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

  • CVE-2026-40685 · Medium · Apr 30, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.

  • CVE-2016-9963 · Medium · Feb 1, 2017
    risk 0.39 · CVSS 5.9 · EPSS 0.03

    Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

  • CVE-2026-40684 · Medium · Apr 30, 2026
    risk 0.38 · CVSS 5.9 · EPSS 0.00

    In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

  • CVE-2026-48840 · Medium · May 30, 2026
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

  • CVE-2026-40687 · Medium · Apr 30, 2026
    risk 0.31 · CVSS 4.8 · EPSS 0.00

    In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.

  • CVE-2017-1000369 · Medium · Jun 19, 2017
    risk 0.26 · CVSS 4.0 · EPSS 0.01

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream…

  • CVE-2026-40686 · Low · Apr 30, 2026
    risk 0.24 · CVSS 3.7 · EPSS 0.00

    In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

  • CVE-2019-10149 · KEV · Jun 5, 2019
    risk 0.23 · CVSS not listed · EPSS 1.00

    A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

  • CVE-2019-16928 · KEV · Sep 27, 2019
    risk 0.19 · CVSS not listed · EPSS 0.42

    Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

  • CVE-2025-26794 · Feb 21, 2025
    risk 0.06 · CVSS not listed · EPSS 0.76

    Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

  • CVE-2024-39929 · Jul 4, 2024
    risk 0.05 · CVSS not listed · EPSS 0.41

    Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

  • CVE-2023-42115 · May 3, 2024
    risk 0.05 · CVSS not listed · EPSS 0.10

    Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp…

  • CVE-2020-28018 · May 6, 2021
    risk 0.05 · CVSS not listed · EPSS 0.56

    Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.