24 matches found
CLSA-2026-1778173472 exim: Fix of 2 CVEs
CVE-2026-40685: fix heap corruption when expanding malformed JSON - CVE-2026-40687: fix heap buffer overflow and infoleak in SPA authenticator...
CLSA-2026-1778024757 exim: Fix of CVE-2026-40687
CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...
CLSA-2026-1778024392 exim: Fix of CVE-2026-40687
CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...
exim: Fix of CVE-2026-40687
CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...
USN-8228-1 exim4 vulnerabilities
It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...
USN-8228-1: Exim vulnerabilities
It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...
CVE-2026-40687
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...
exim: Fix of 2 CVEs
CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...
CLSA-2023-1697482739 exim: Fix of 2 CVEs
CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...
CLSA-2023-1697481196 exim: Fix of 2 CVEs
CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...
Out-of-Bounds Read
Exim is vulnerable to an out-of-bounds read. The vulnerability exists in the SPA authenticator and could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...
Amazon Linux AMI : exim (ALAS-2020-1380)
The version of exim installed on the remote host is prior to 4.92-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1380 advisory. Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa...
Fedora 31 : exim (2020-93d7305d71)
This is an update fixing out-of-bounds read in the SPA authenticator.
Exim buffer overflow vulnerability (CNVD-2020-34994)
Exim is an open source mail transfer agent (MTA) that runs on Unix systems and routes, forwards and delivers mail. A buffer overflow vulnerability exists in the SPA authenticator in Exim 4.93 and earlier versions. An attacker could exploit this vulnerability to bypass authentication...
DEBIAN-CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...
CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...
CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...
UBUNTU-CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...
Design/Logic Flaw
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...
CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...