PT-2022-6996 · Exim+5 · Exim+5

Published

2022-06-06

Updated

2025-08-07

CVE-2023-42119

CVSS v3.1

3.1

Low

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Exim (affected versions not specified)

Description The issue is related to an out-of-bounds read in the Exim smtp service, which can allow network-adjacent attackers to disclose sensitive information on affected installations of Exim. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2023-7644

BDU:2023-06276

CVE-2023-42119

DLA-3938-1

OPENSUSE-SU-2023:0303-1

OPENSUSE-SU-2023:0304-1

OPENSUSE-SU-2024:0007-1

OPENSUSE-SU-2024:13333-1

USN-6455-1

ZDI-23-1473

Affected Products

Alt Linux

Astra Linux

Exim

Linuxmint

Red Os

Ubuntu

PT-2022-6996 · Exim+5 · Exim+5

CVE-2023-42119

Weakness Enumeration

Related Identifiers

Affected Products

References · 52