Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | exim4 | < 4.93-16 | exim4_4.93-16_all.deb |
Debian | 11 | all | exim4 | < 4.93-16 | exim4_4.93-16_all.deb |
Debian | 10 | all | exim4 | < 4.92-8+deb10u4 | exim4_4.92-8+deb10u4_all.deb |
Debian | 999 | all | exim4 | < 4.93-16 | exim4_4.93-16_all.deb |
Debian | 13 | all | exim4 | < 4.93-16 | exim4_4.93-16_all.deb |