PT-2019-3248 · Exim+2

Heiko Schlittermann

·

Published

2018-03-12

·

Updated

2025-02-04

·

CVE-2019-15846

CVSS v3.1

10

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Exim versions prior to 4.92.2

Description: The issue stems from memory handling errors that allow a remote attacker to gain access to confidential data, compromise its integrity, and cause a denial of service. It also allows remote attackers to execute arbitrary code as root via a trailing backslash. The vulnerability can be exploited by sending a specially crafted client certificate or a modified value in the SNI. At least half a million email servers are potentially affected.

Recommendations: For Exim versions prior to 4.92.2, update to version 4.92.2 to patch the issue. As a temporary workaround, consider disabling TLS support to minimize the risk of exploitation. Restrict access to the Exim server to reduce exposure to remote code execution attacks. Avoid using the SNI feature until the issue is resolved.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

ALT-PU-2018-1409
ALT-PU-2020-2318
ALT-PU-2021-1764
ALT-PU-2022-2269
BDU:2019-03238
CVE-2019-15846
DLA-1911-1
DSA-4517-1
OPENSUSE-SU-2019:2093-1
OPENSUSE-SU-2019_2093-1
OPENSUSE-SU-2021:0753-1
OPENSUSE-SU-2021_0677-1
OPENSUSE-SU-2024:10746-1
USN-4124-1
USN-4124-2

Affected products

Exim
Suse
Ubuntu