Information on source package exim4

Available versions

ReleaseVersion
bullseye4.94.2-7+deb11u3
bullseye (security)4.94.2-7+deb11u4
bookworm4.96-15+deb12u6
bookworm (security)4.96-15+deb12u5
trixie4.98-2
sid4.98-2

Resolved issues

BugDescription
CVE-2024-39929Exim through 4.97.1 misparses a multiline RFC 2231 header filename, an ...
CVE-2023-51766Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKIN ...
CVE-2023-42119Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. Th ...
CVE-2023-42117Exim Improper Neutralization of Special Elements Remote Code Execution ...
CVE-2023-42116Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution ...
CVE-2023-42115Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. Thi ...
CVE-2023-42114Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerab ...
CVE-2022-37452Exim before 4.95 has a heap-based buffer overflow for the alias list i ...
CVE-2022-37451Exim before 4.96 has an invalid free in pam_converse in auths/call_pam ...
CVE-2022-3620A vulnerability was found in Exim and classified as problematic. This ...
CVE-2022-3559A vulnerability was found in Exim and classified as problematic. This ...
CVE-2021-38371The STARTTLS feature in Exim through 4.94.2 allows response injection ...
CVE-2021-27216Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By lev ...
CVE-2020-28026Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, r ...
CVE-2020-28025Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bo ...
CVE-2020-28024Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unaut ...
CVE-2020-28023Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may dis ...
CVE-2020-28022Exim 4 before 4.94.2 has Improper Restriction of Write Operations with ...
CVE-2020-28021Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. A ...
CVE-2020-28020Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in whic ...
CVE-2020-28019Exim 4 before 4.94.2 has Improper Initialization that can lead to recu ...
CVE-2020-28018Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain si ...
CVE-2020-28017Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in rec ...
CVE-2020-28016Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because ...
CVE-2020-28015Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. L ...
CVE-2020-28014Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The ...
CVE-2020-28013Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mish ...
CVE-2020-28012Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended ...
CVE-2020-28011Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run vi ...
CVE-2020-28010Exim 4 before 4.94.2 allows Out-of-bounds Write because the main funct ...
CVE-2020-28009Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow becaus ...
CVE-2020-28008Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...
CVE-2020-28007Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...
CVE-2020-12783Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...
CVE-2019-16928Exim 4.92 through 4.92.2 allows remote code execution, a different vul ...
CVE-2019-15846Exim before 4.92.2 allows remote attackers to execute arbitrary code a ...
CVE-2019-13917Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...
CVE-2019-10149A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper v ...
CVE-2018-6789An issue was discovered in the base64d function in the SMTP listener i ...
CVE-2017-1000369Exim supports the use of multiple "-p" command line arguments which ar ...
CVE-2017-16944The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...
CVE-2017-16943The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...
CVE-2016-9963Exim before 4.87.1 might allow remote attackers to obtain the private ...
CVE-2016-1531Exim before 4.86.2, when installed setuid root, allows local users to ...
CVE-2014-2972expand.c in Exim before 4.83 expands mathematical comparisons twice, w ...
CVE-2014-2957The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPE ...
CVE-2012-5671Heap-based buffer overflow in the dkim_exim_query_dns_txt function in ...
CVE-2011-1764Format string vulnerability in the dkim_exim_verify_finish function in ...
CVE-2011-1407The DKIM implementation in Exim 4.7x before 4.76 permits matching for ...
CVE-2011-0017The open_log function in log.c in Exim 4.72 and earlier does not check ...
CVE-2010-4345Exim 4.72 and earlier allows local users to gain privileges by leverag ...
CVE-2010-4344Heap-based buffer overflow in the string_vformat function in string.c ...
CVE-2010-2024transports/appendfile.c in Exim before 4.72, when MBX locking is enabl ...
CVE-2010-2023transports/appendfile.c in Exim before 4.72, when a world-writable sti ...
CVE-2005-0022Buffer overflow in the spa_base64_to_bits function in Exim before 4.43 ...
CVE-2005-0021Multiple buffer overflows in Exim before 4.43 may allow attackers to e ...
CVE-2004-0400Stack-based buffer overflow in Exim 4 before 4.33, when the headers_ch ...
CVE-2004-0399Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...
CVE-2002-1381Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...

Security announcements

DSA / DLADescription
DLA-3938-1exim4 - security update
DSA-5728-1exim4 - security update
DLA-3708-1exim4 - security update
DSA-5597-1exim4 - security update
DSA-5512-1exim4 - security update
DLA-3599-1exim4 - security update
DLA-3082-1exim4 - security update
DLA-2650-1exim4 - security update
DSA-4912-1exim4 - security update
DSA-4687-1exim4 - security update
DLA-2213-1exim4 - security update
DSA-4536-1exim4 - security update
DSA-4517-1exim4 - security update
DLA-1911-1exim4 - security update
DSA-4488-1exim4 - security update
DSA-4456-1exim4 - security update
DSA-4110-1exim4 - security update
DLA-1274-1exim4 - security update
DSA-4053-1exim4 - security update
DLA-1001-1exim4 - security update
DSA-3888-1exim4 - security update
DSA-3747-1exim4 - security update
DLA-762-1exim4 - security update
DSA-3517-1exim4 - security update
DSA-2566-1exim4 - heap overflow
DSA-2236-1exim4 - command injection
DSA-2232-1exim4 - format string vulnerability
DSA-2154-1exim4 - privilege escalation
DSA-2131-1exim4 - remote code execution

Search for package or bug name: Reporting problems