Product
exim
72 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-40687
< 4.99.2
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds
4.8
MEDIUM
CVE-2026-40686
< 4.99.2
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are pres
3.7
LOW
CVE-2026-40685
< 4.99.2
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malforme
6.5
MEDIUM
CVE-2026-40684
< 4.99.2
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS da
5.9
MEDIUM
CVE-2025-67896
< 4.99.1
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because databas
7.0
HIGH
CVE-2025-30232
>= 4.96 and <= 4.98.1
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
8.1
HIGH
CVE-2025-26794
>= 4.98 and < 4.98.1
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection
7.5
HIGH
CVE-2024-39929
<= 4.97.1
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extensio
5.4
MEDIUM
CVE-2023-42119
< 4.96.2
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclo
3.1
LOW
CVE-2023-42117
< 4.96.2
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
9.8
CRITICAL
CVE-2023-42116
< 4.96.1
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to
9.8
CRITICAL
CVE-2023-42115
< 4.96.1
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary
9.8
CRITICAL
CVE-2023-42114
< 4.96.1
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclos
5.3
MEDIUM
CVE-2023-51766
< 4.97.1
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published explo
5.3
MEDIUM
CVE-2022-3620
>= 4.95 and < 4.97
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmar
5.6
MEDIUM
CVE-2022-3559
< 4.97
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex
4.6
MEDIUM
CVE-2022-37452
< 4.95
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
9.8
CRITICAL
CVE-2022-37451
< 4.96
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
7.5
HIGH
CVE-2021-38371
<= 4.94.2
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
7.5
HIGH
CVE-2021-27216
< 4.94.2
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can d
6.3
MEDIUM
CVE-2020-28026
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery S
9.8
CRITICAL
CVE-2020-28025
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig-bodyha
7.5
HIGH
CVE-2020-28024
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, be
9.8
CRITICAL
CVE-2020-28023
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauth
7.5
HIGH
CVE-2020-28022
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processin
9.8
CRITICAL
CVE-2020-28021
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline charac
8.8
HIGH
CVE-2020-28020
>= 4.00 and < 4.92
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary c
9.8
CRITICAL
CVE-2020-28019
>= 4.88 and < 4.94.2
Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This oc
7.5
HIGH
CVE-2020-28018
>= 4.90 and < 4.94.2
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
9.8
CRITICAL
CVE-2020-28017
< 4.94.1
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million
9.8
CRITICAL
CVE-2020-28016
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
7.8
HIGH
CVE-2020-28015
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because
7.8
HIGH
CVE-2020-28014
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a deni
6.1
MEDIUM
CVE-2020-28013
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow pri
7.8
HIGH
CVE-2020-28012
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe
7.8
HIGH
CVE-2020-28011
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege es
7.8
HIGH
CVE-2020-28010
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory
7.8
HIGH
CVE-2020-28009
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied b
7.8
HIGH
CVE-2020-28008
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by
7.8
HIGH
CVE-2020-28007
>= 4.00 and < 4.94.2
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a
7.8
HIGH
CVE-2020-12783
<= 4.93
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/
7.5
HIGH
CVE-2020-8015
< 4.93.0.4-3.1
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to esca
8.4
HIGH
CVE-2019-16928
>= 4.92 and <= 4.92.2
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer
9.8
CRITICAL
CVE-2019-15846
< 4.92.2
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
9.8
CRITICAL
CVE-2019-13917
>= 4.85 and <= 4.92
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }
9.8
CRITICAL
CVE-2019-10149
>= 4.87 and <= 4.91
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function
9.8
CRITICAL
CVE-2018-6789
< 4.90.1
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a bu
9.8
CRITICAL
CVE-2017-16944
all versions
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of servic
7.5
HIGH
CVE-2017-16943
all versions
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code o
9.8
CRITICAL
CVE-2017-1000369
<= 4.87.1
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with
4.0
MEDIUM
CVE-2016-9963
<= 4.87
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce
5.9
MEDIUM
CVE-2016-1531
<= 4.86
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
7.0
HIGH
CVE-2014-2972
<= 4.82.1
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbit
CVE-2014-2957
<= 4.82
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execut
CVE-2012-5671
all versions
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabl
CVE-2011-1764
<= 4.75
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers
CVE-2011-1407
all versions
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only st
CVE-2011-0017
<= 4.72
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls
CVE-2010-4345
<= 4.72
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alter
7.8
HIGH
CVE-2010-4344
< 4.70
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbit
9.8
CRITICAL
CVE-2010-2024
<= 4.71
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary fi
CVE-2010-2023
<= 4.71
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink
CVE-2005-0022
<= 4.40
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by t
CVE-2005-0021
<= 4.40
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than
CVE-2004-0400
<= 4.32
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cau
CVE-2004-0399
all versions
Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attack
CVE-2003-0743
all versions
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers t
CVE-2002-1381
all versions
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execu
CVE-2002-0274
<= 3.34
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other com
CVE-2001-0889
<= 3.22
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address
CVE-2001-0690
<= 3.22
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remot
CVE-1999-0971
<= 1.62
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin