Exim · Exim · CVE-2017-16944
**Name of the Vulnerable Software and Affected Versions**
Exim versions 4.88 through 4.89
**Description**
A remote attacker can cause a denial of service in the SMTP daemon, in the form of an infinite loop and stack exhaustion. The condition is reached through vectors involving BDAT commands and an improper check for the '.' character that signifies the end of the content. The problem is related to the `bdat_getc` function and the `receive_msg` function.
**Recommendations**
For Exim versions 4.88 and 4.89, consider disabling the `receive_msg` function or restricting the use of BDAT commands as a temporary workaround until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
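To inventory your own mail servers against the affected range and the BDAT workaround above, the following added example (not part of the original advisory or of Exim) classifies a server from its SMTP greeting and EHLO reply. It assumes Exim's default greeting format and that BDAT is offered through the ESMTP `CHUNKING` keyword (RFC 3030); the function names, result labels and sample transcripts are constructed for illustration.

```python
import re

# Affected releases exactly as this page lists them.
AFFECTED = {"4.88", "4.89"}
# Exim's default greeting is "220 <host> ESMTP Exim <version> <date>".
# Admins can change it, so a missing version means "unknown", not "safe".
VERSION_RE = re.compile(r"\bExim (\d+\.\d+)(\S*)")

def exim_version(greeting):
    """Return (base_version, suffix) from a 220 greeting, or None."""
    m = VERSION_RE.search(greeting)
    return (m.group(1), m.group(2)) if m else None

def advertises_chunking(ehlo_reply):
    """True if a 250 line of the EHLO reply carries the CHUNKING keyword."""
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ](\S+)", line.strip())
        if m and m.group(1).upper() == "CHUNKING":
            return True
    return False

def assess(greeting, ehlo_reply):
    """Classify one server from its greeting and EHLO reply."""
    ver = exim_version(greeting)
    if ver is None:
        return "unknown"        # banner hidden, or not Exim
    base, suffix = ver
    if base not in AFFECTED:
        return "not-listed"     # outside the range this page gives
    if suffix:
        return "unknown"        # suffixed build: this page does not cover it
    return "exposed" if advertises_chunking(ehlo_reply) else "chunking-off"

# Constructed sample transcripts (not captured from a real server).
GREETING = "220 mail.example.test ESMTP Exim 4.89 Tue, 28 Nov 2017 10:00:00 +0000"
EHLO_ON = ("250-mail.example.test Hello scanner.example.test [192.0.2.10]\r\n"
           "250-SIZE 52428800\r\n250-8BITMIME\r\n250-PIPELINING\r\n"
           "250-CHUNKING\r\n250 HELP\r\n")
EHLO_OFF = EHLO_ON.replace("250-CHUNKING\r\n", "")

if __name__ == "__main__":
    print(assess(GREETING, EHLO_ON))
    print(assess(GREETING, EHLO_OFF))
```

The result is a banner-based heuristic: a customized greeting or a vendor build with a version suffix is reported as `unknown` and needs a check of the installed package instead.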