CVE-2017-16943

Name of the Vulnerable Software and Affected Versions Exim versions 4.88 through 4.89

Description The issue is related to the receive msg function in receive.c within the SMTP daemon of Exim. It allows remote attackers to execute arbitrary code or cause a denial of service due to a use-after-free condition. This can be achieved via vectors involving BDAT commands.

Recommendations For Exim versions 4.88 and 4.89, consider disabling the receive msg function as a temporary workaround until a patch is available. Restrict access to the SMTP daemon to minimize the risk of exploitation. Avoid using commands that involve BDAT in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.