PT-2019-2908 · Exim+2

Jeremy Harris · Published 2019-07-23 · Updated 2024-06-15 · CVE-2019-13917

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Exim versions 4.85 through 4.92

Description

The issue is related to errors in handling objects in memory, which can allow an attacker to elevate privileges and execute arbitrary code. This can occur in unusual configurations where the ${sort } expansion is used for items that can be controlled by an attacker, such as $local_part or $domain.

Recommendations

For Exim versions 4.85 through 4.92, update to version 4.92.1 to resolve the issue. As a temporary workaround until the update is applied, consider restricting the use of the ${sort } expansion for items that can be controlled by an attacker.
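
One way to act on the workaround above, as an added example that is not part of the advisory or of Exim: a Python check that flags ${sort } expansions whose arguments reference $local_part or $domain, and tests whether a version string falls in the 4.85 through 4.92 range. The function names and the sample configuration are constructed for illustration, and the scan assumes braces inside the expansion are not backslash-escaped.

```python
import re

# Variables the advisory names as attacker-controllable; extend for your site.
TAINTED = re.compile(r"\$\{?(local_part|domain)\b")

def version_affected(version: str) -> bool:
    """True for Exim 4.85 through 4.92; 4.92.1 carries the fix."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return (4, 85, 0) <= tuple(nums) <= (4, 92, 0)

def sort_expansions(config: str):
    """Yield (line_number, text) for every balanced ${sort ...} item."""
    # Blank out comment lines but keep the newlines so line numbers hold.
    config = re.sub(r"(?m)^[ \t]*#.*$", "", config)
    for m in re.finditer(r"\$\{sort\b", config):
        depth = 0
        for j in range(m.start() + 1, len(config)):
            if config[j] == "{":
                depth += 1
            elif config[j] == "}":
                depth -= 1
                if depth == 0:
                    line = config.count("\n", 0, m.start()) + 1
                    yield line, config[m.start():j + 1]
                    break

def risky_sorts(config: str):
    """Return the ${sort} items that reference a tainted variable."""
    return [(n, t) for n, t in sort_expansions(config) if TAINTED.search(t)]

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = r"""
# data = ${sort{$domain}{<}{$item}}
fixed_list:
  driver = redirect
  data = ${sort{3:2:1}{<}{$item}}
by_rcpt:
  driver = redirect
  data = ${sort{${lc:$local_part}}\
          {<}{$item}}
"""

if __name__ == "__main__":
    for line, text in risky_sorts(SAMPLE):
        print(f"line {line}: review {' '.join(text.split())}")
    print("4.92 affected:", version_affected("4.92"))
```

A hit is a prompt to review that expansion by hand; a clean scan does not replace updating to 4.92.1.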

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2019-02878
CVE-2019-13917
DSA-4488-1
OPENSUSE-SU-2021:0753-1
OPENSUSE-SU-2024:10746-1
USN-4075-1

Affected Products

Exim
Suse
Ubuntu