CVE-2010-4344

2010-12-14T16:00:00
ID CVE-2010-4344
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T20:08:00

Description

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.