Exim · Exim · CVE-2026-48840
**Name of the Vulnerable Software and Affected Versions**
Exim versions 4.88 through 4.99.3
**Description**
In certain proxy configurations, the PROXY-protocol parser mishandles short payloads, resulting in a pre-authentication information disclosure. This issue allows the leakage of uninitialized stack memory values, specifically live userspace virtual address (VA) pointers, to a client. This can be used as a primitive to defeat Address Space Layout Randomization (ASLR), which is a security technique used to prevent exploitation by randomizing the memory addresses used by a process.
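The defensive pattern for this class of bug, as an added example (not Exim's code and not a reconstruction of the flaw): a parser that zeroes its output and rejects a header whose declared payload is shorter than the address block it is about to read. It assumes the binary v2 header layout from the public PROXY protocol specification, since the advisory does not say which protocol version is involved; `pp2_parse`, `pp2_info` and `PP2_SIG` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 12-byte PROXY protocol v2 signature (public spec). Names here are hypothetical. */
static const uint8_t PP2_SIG[12] = {0x0D,0x0A,0x0D,0x0A,0x00,0x0D,0x0A,0x51,0x55,0x49,0x54,0x0A};

typedef struct {
    uint8_t  family;              /* 0 = no address, 4 = IPv4, 6 = IPv6 */
    uint8_t  src[16], dst[16];
    uint16_t src_port, dst_port;
} pp2_info;

/* Returns bytes consumed (16-byte header + payload), or -1 on malformed/short input. */
int pp2_parse(const uint8_t *buf, size_t n, pp2_info *out)
{
    memset(out, 0, sizeof *out);                  /* no uninitialized field can escape */
    if (n < 16 || memcmp(buf, PP2_SIG, 12) != 0) return -1;
    if ((buf[12] >> 4) != 2) return -1;           /* version nibble must be 2 */
    uint8_t cmd = buf[12] & 0x0F;
    if (cmd > 1) return -1;                       /* only LOCAL (0) and PROXY (1) */
    size_t len = ((size_t)buf[14] << 8) | buf[15];
    if (n - 16 < len) return -1;                  /* declared payload not fully received */
    if (cmd == 0) return (int)(16 + len);         /* LOCAL: addresses are ignored */
    uint8_t fam = buf[13] >> 4;
    if (fam == 0) return (int)(16 + len);         /* AF_UNSPEC: nothing to read */
    if (fam != 1 && fam != 2) return -1;          /* AF_UNIX etc. not handled here */
    size_t alen = (fam == 1) ? 4 : 16;
    if (len < 2 * alen + 4) return -1;            /* short payload: reject before reading */
    const uint8_t *p = buf + 16;
    memcpy(out->src, p, alen);
    memcpy(out->dst, p + alen, alen);
    p += 2 * alen;
    out->src_port = (uint16_t)(p[0] << 8 | p[1]);
    out->dst_port = (uint16_t)(p[2] << 8 | p[3]);
    out->family = (fam == 1) ? 4 : 6;
    return (int)(16 + len);
}

int main(void)
{
    /* Constructed sample: IPv4/STREAM header that declares only 4 payload bytes. */
    uint8_t shortp[20] = {0x0D,0x0A,0x0D,0x0A,0x00,0x0D,0x0A,0x51,0x55,0x49,0x54,0x0A,
                          0x21,0x11,0x00,0x04, 192,0,2,1};
    pp2_info info;
    printf("short payload -> %d\n", pp2_parse(shortp, sizeof shortp, &info));
    return 0;
}
```

The two properties that matter are the `memset` before any early return and the length comparison against the address family's required size before the first `memcpy`.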
**Recommendations**
Update to version 4.99.4.