CRITICAL🇵🇱 Wersja polska

CVE-2023-42117

CVSS 9.8v3.1pub. 2024-05-03upd. 2025-11-03

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.

🤖 AI Analysis
How it works

The vulnerability exists in the SMTP service listening on TCP port 25 by default. The Exim server improperly neutralizes special characters in user-supplied data (CWE-138), leading to memory corruption. An attacker can send crafted data to the SMTP service without authentication, thereby triggering arbitrary code execution in the context of the current process.

Impact

An attacker can remotely execute arbitrary code in the context of the Exim process, which in practice means the ability to take control of the mail server, steal data, or perform further lateral movement in the network.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Users of Debian distributions should review the debian-lts-announce message from October 2024. Additionally, it is recommended to restrict access to TCP port 25 only from trusted sources at the firewall level as a temporary measure.

Who is affected

Exim — versions indicated in vendor references (vulnerability tracked as ZDI-CAN-17554)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Exim

    APP
    Exim
    < 4.96.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2019-16928CRITICAL9.8⚠ KEVten sam produkt

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is...

CVE-2019-10149CRITICAL9.8⚠ KEVten sam produkt

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in delive...

CVE-2018-6789CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handc...

CVE-2010-4344CRITICAL9.8⚠ KEVten sam produkt

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attack...

CVE-2026-45185CRITICAL9.8PL ✓ten sam produkt

Exim: use-after-free w parsowaniu BDAT — zdalne wykonanie kodu