PT-2022-6994 · Exim+5 · Exim+5

Published

2022-06-06

Updated

2026-06-10

CVE-2023-42117

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Exim (affected versions not specified)

Description This issue allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this issue. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this issue to execute code in the context of the current process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

RCE

DoS

Buffer Overflow

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-138CWE-119CWE-77

Related Identifiers

ALT-PU-2023-7644

BDU:2023-06274

CVE-2023-42117

DLA-3938-1

OPENSUSE-SU-2023:0303-1

OPENSUSE-SU-2023:0304-1

OPENSUSE-SU-2024:0007-1

OPENSUSE-SU-2024:13333-1

USN-6455-1

USN-6455-2

ZDI-23-1471

Affected Products

Alt Linux

Astra Linux

Exim

Linuxmint

Red Os

Ubuntu

PT-2022-6994 · Exim+5 · Exim+5

CVE-2023-42117

Weakness Enumeration

Related Identifiers

Affected Products

References · 58