Exim · Exim · CVE-2019-16928
**Name of the Vulnerable Software and Affected Versions**
Exim versions 4.92 through 4.92.2
**Description**
The issue is a heap-based buffer overflow in the `string_vformat` function in `string.c`. It can be triggered by sending a long EHLO command and potentially allows remote code execution. The vulnerable code is reached after Exim has dropped its privileges, so exploitation is limited to code execution with the privileges of the unprivileged user under which the message handler runs.
**Recommendations**
For Exim versions 4.92 through 4.92.2, update to Exim 4.92.3, which resolves the issue. As a temporary workaround, consider restricting access to the EHLO command to reduce the risk of exploitation.
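As an added example (not part of this advisory or of Exim itself), the following Python helper covers both sections above: it checks a reported Exim version string against the affected 4.92 through 4.92.2 range, and it flags EHLO/HELO command lines in an SMTP session that exceed the RFC 5321 command-line limit of 512 octets. The embedded session is constructed, and the 512-octet threshold is the RFC limit used as a detection heuristic, not the overflow trigger, which this page does not state.

```python
import re

# Affected range and fixed release as stated in the advisory.
AFFECTED_MIN = (4, 92, 0)
AFFECTED_MAX = (4, 92, 2)
FIXED = (4, 92, 3)

# RFC 5321 section 4.5.3.1.4: an SMTP command line is at most 512 octets
# including the trailing CRLF. Anything longer is protocol-abnormal and
# worth logging, whatever the overflow threshold in string_vformat may be.
RFC5321_COMMAND_LINE_MAX = 512

_VERSION_RE = re.compile(r"Exim(?:\s+version)?[\s/]+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(text):
    """Extract (major, minor, patch) from a banner or `exim -bV` line."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no Exim version found in: %r" % text)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(text):
    """True if the version lies in the 4.92 .. 4.92.2 range named above."""
    return AFFECTED_MIN <= parse_exim_version(text) <= AFFECTED_MAX


def oversized_ehlo(lines, limit=RFC5321_COMMAND_LINE_MAX):
    """Return (line_index, length_with_crlf) for each EHLO/HELO command line
    whose on-the-wire length would exceed `limit` octets.
    `lines` are raw SMTP command lines with CRLF already stripped."""
    hits = []
    for idx, line in enumerate(lines):
        if line[:4].upper() in ("EHLO", "HELO"):
            wire_len = len(line.encode("utf-8")) + 2  # add back CRLF
            if wire_len > limit:
                hits.append((idx, wire_len))
    return hits


# Constructed sample session: one normal greeting, one oversized one.
SAMPLE_SESSION = [
    "EHLO mail.example.org",
    "MAIL FROM:<sender@example.org>",
    "EHLO " + "A" * 2000,  # constructed oversized argument
    "QUIT",
]

if __name__ == "__main__":
    print(is_affected("220 mx ESMTP Exim 4.92.2"))       # True
    print(is_affected("Exim version 4.92.3 #2"))         # False
    print(oversized_ehlo(SAMPLE_SESSION))                # [(2, 2007)]
```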