The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | exim4 | < 4.82.1-1 | exim4_4.82.1-1_all.deb |
Debian | 11 | all | exim4 | < 4.82.1-1 | exim4_4.82.1-1_all.deb |
Debian | 10 | all | exim4 | < 4.82.1-1 | exim4_4.82.1-1_all.deb |
Debian | 999 | all | exim4 | < 4.82.1-1 | exim4_4.82.1-1_all.deb |
Debian | 13 | all | exim4 | < 4.82.1-1 | exim4_4.82.1-1_all.deb |