28 matches found

OSV
added 2026/05/21 1:23 p.m. | 2 views

CLSA-2026-1779369819 Fix CVE(s): CVE-2026-40686, CVE-2026-40687

SECURITY UPDATE: heap read out-of-bounds in UTF-8 expansion - debian/patches/CVE-2026-40686.patch: harden $fromutf8: expansion operator against malformed UTF-8 trailing bytes. - CVE-2026-40686 SECURITY UPDATE: SPA authenticator buffer hardening - debian/patches/CVE-2026-40687.patch: zero...

CVSS 9.1 | AI score 6.1 | EPSS 0.00373
Exploits: 0 | References: 1

OSV
added 2026/05/07 5:4 p.m. | 8 views

CLSA-2026-1778173472 exim: Fix of 2 CVEs

CVE-2026-40685: fix heap corruption when expanding malformed JSON - CVE-2026-40687: fix heap buffer overflow and infoleak in SPA authenticator...

CVSS 9.8 | AI score 6.2 | EPSS 0.00373
Exploits: 0 | References: 1

OSV
added 2026/05/05 11:46 p.m. | 5 views

CLSA-2026-1778024757 exim: Fix of CVE-2026-40687

CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...

CVSS 9.1 | AI score 6.1 | EPSS 0.00373
Exploits: 0 | References: 1

OSV
added 2026/05/05 11:39 p.m. | 9 views

CLSA-2026-1778024392 exim: Fix of CVE-2026-40687

CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...

CVSS 9.1 | AI score 6.1 | EPSS 0.00373
Exploits: 0 | References: 1

CloudLinux
added 2026/05/05 11:39 p.m. | 11 views

exim: Fix of CVE-2026-40687

CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...

CVSS 9.1 | AI score 6.1 | EPSS 0.00373
Exploits: 0

OSV
added 2026/05/05 5:52 p.m. | 3 views

CLSA-2026-1778003565 Fix CVE(s): CVE-2026-40684, CVE-2026-40685, CVE-2026-40687

SECURITY UPDATE: out-of-bounds read in DNS reverse-lookup escape decoding when running against musl libc - debian/patches/CVE-2026-40684.patch: harden stringcopydnsdomain to consume 1, 2, or 3 digits incrementally instead of indexing past the input string when fewer than 3 digits follow a backsla...

CVSS 9.8 | AI score 6.1 | EPSS 0.00373
Exploits: 0 | References: 1

OSV
added 2026/05/04 11:50 a.m. | 4 views

USN-8228-1 exim4 vulnerabilities

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2026-40685 It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...

CVSS 9.8 | AI score 6 | EPSS 0.00373
Exploits: 0 | References: 4

Ubuntu
added 2026/05/04 11:50 a.m. | 7 views

USN-8228-1: Exim vulnerabilities

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2026-40685 It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...

CVSS 9.8 | AI score 6.2 | EPSS 0.00373
Exploits: 0

UbuntuCve
added 2026/04/29 12:0 p.m. | 4 views

CVE-2026-40687

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...

CVSS 9.1 | AI score 6 | EPSS 0.00373
Exploits: 0 | References: 3

OSV
added 2023/10/16 6:59 p.m. | 3 views

CLSA-2023-1697482739 exim: Fix of 2 CVEs

CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...

CVSS 9.8 | AI score 6.9 | EPSS 0.28084
Exploits: 2 | References: 1

CloudLinux
added 2023/10/16 6:59 p.m. | 51 views

exim: Fix of 2 CVEs

CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...

CVSS 9.8 | AI score 7 | EPSS 0.28084
Exploits: 2

OSV
added 2023/10/16 6:33 p.m. | 4 views

CLSA-2023-1697481196 exim: Fix of 2 CVEs

CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...

CVSS 9.8 | AI score 6.9 | EPSS 0.28084
Exploits: 2 | References: 1

OSV
added 2023/10/16 1:40 p.m. | 6 views

CLSA-2023-1697463600 Fix CVE(s): CVE-2023-42116, CVE-2023-42114

SECURITY UPDATE: Multiple security issues - debian/patches/CVE-2023-42114.patch: fix possible OOB read in SPA authenticator - CVE-2023-42114 - debian/patches/CVE-2023-42116.patch: fix possible OOB write in SPA authenticator - CVE-2023-42116...

CVSS 9.8 | AI score 6.7 | EPSS 0.28084
Exploits: 2 | References: 1

OSV
added 2023/10/11 9:30 a.m. | 3 views

CLSA-2023-1697016628 Fix CVE(s): CVE-2023-42114, CVE-2023-42116

SECURITY UPDATE: Multiple security issues - debian/patches/CVE-2023-42114.patch: fix possible OOB read in SPA authenticator - CVE-2023-42114 - debian/patches/CVE-2023-42116.patch: fix possible OOB write in SPA authenticator - CVE-2023-42116...

CVSS 9.8 | AI score 6.9 | EPSS 0.28084
Exploits: 2 | References: 1

Veracode
added 2021/04/29 1:8 p.m. | 24 views

Out-of-Bounds Read

Exim is vulnerable to an out-of-bounds read. The vulnerability exists in the SPA authenticator and could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 2.8 | EPSS 0.04467
Exploits: 2 | References: 15 | Affected Software: 1

Tenable Nessus
added 2020/07/02 12:0 a.m. | 28 views

Amazon Linux AMI : exim (ALAS-2020-1380)

The version of exim installed on the remote host is prior to 4.92-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1380 advisory. Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa...

CVSS 7.5 | AI score 8.1 | EPSS 0.04467
Exploits: 2 | References: 3

Tenable Nessus
added 2020/05/26 12:0 a.m. | 31 views

Fedora 31 : exim (2020-93d7305d71)

This is an update fixing out-of-bounds read in the SPA authenticator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 7.5 | AI score 8 | EPSS 0.04467
Exploits: 2 | References: 2

CNVD
added 2020/05/12 12:0 a.m. | 4 views

Exim buffer overflow vulnerability (CNVD-2020-34994)

Exim is an open source message transfer agent (MTA) running on Unix systems that routes, forwards and delivers mail. A buffer overflow vulnerability exists in the SPA authenticator in Exim 4.93 and earlier versions. An attacker could exploit this vulnerability to bypass authentication...

CVSS 7.5 | AI score 9.6 | EPSS 0.04467
Exploits: 2 | References: 1

OSV
added 2020/05/11 2:15 p.m. | 24 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 7.6
Exploits: 0 | References: 9

OSV
added 2020/05/11 2:15 p.m. | 2 views

DEBIAN-CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 8.1 | EPSS 0.04467
Exploits: 2 | References: 1