PT-2003-1836 · Exim · Exim
Nick Cleaton · Published 2003-09-06 · Updated 2016-10-18 · CVE-2003-0743
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Exim 3 versions prior to 3.36
Exim 4 versions prior to 4.21
Description:
The issue is related to a heap-based buffer overflow in the smtp_in.c file. This can be exploited by remote attackers who send an invalid HELO or EHLO argument with a large number of spaces, followed by a NULL character and a newline. The argument is not properly trimmed before being appended to the buffer, potentially allowing the execution of arbitrary code.
Recommendations:
For Exim 3 versions prior to 3.36, update to version 3.36 or later.
For Exim 4 versions prior to 4.21, update to version 4.21 or later.
Fix
Affected products
Exim