PT-2023-8129 · Exim+4
Timo Longin · Published 2023-12-22 · Updated 2026-06-03 · CVE-2023-51766
CVSS v2.0: 6.4 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Exim versions prior to 4.97.1
Description
The issue allows SMTP smuggling in certain configurations, enabling remote attackers to inject e-mail messages with a spoofed MAIL FROM address. This can bypass an SPF protection mechanism because Exim accepts <LF>.<CR><LF> as an end-of-data sequence, which some other popular e-mail servers do not. The exploitation technique can be used to send hidden HTTP requests, effectively allowing attackers to circumvent security policies. Approximately 15,749,391 results are mainly distributed in the United States, Germany, and other countries.
Recommendations
For Exim versions prior to 4.97.1, update to version 4.97.1 or later to address the SMTP smuggling issue. As a temporary workaround, consider restricting the use of the <LF>.<CR><LF> sequence in Exim configurations to minimize the risk of exploitation. Avoid using configurations that allow SMTP smuggling until the issue is resolved.
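To make the parsing difference behind the description concrete, here is an added Python example (written for this page, not code from Exim or from the advisory's authors): it splits one constructed DATA stream the way an RFC 5321-strict receiver would and the way a receiver that also honours <LF>.<CR><LF> would, and flags the non-standard sequence so a mail gateway can log or reject it before relaying. The constant names, function names and the sample payload are this example's own assumptions.

```python
import re

# RFC 5321 end-of-data terminator (strict) and the extra sequence the
# description says Exim before 4.97.1 accepted (lenient). Names are constructed.
STRICT_TERMINATORS = (b"\r\n.\r\n",)
LENIENT_TERMINATORS = (b"\r\n.\r\n", b"\n.\r\n")

# Constructed sample: one message from the sender's point of view. A receiver
# that also honours <LF>.<CR><LF> ends the message at the bare-LF sequence and
# treats everything after it as new SMTP input.
SAMPLE_STREAM = (
    b"Subject: quarterly report\r\n"
    b"\r\n"
    b"Body line one.\r\n"
    b"\n.\r\n"  # <LF>.<CR><LF>: not a terminator under RFC 5321
    b"text a lenient server reads as a second transaction\r\n"
    b"\r\n.\r\n"  # the standard <CR><LF>.<CR><LF> terminator
)


def split_data_stream(stream: bytes, terminators: tuple) -> list:
    """Split a DATA stream into the message bodies a server accepting the
    given terminators would see. Longer alternatives are listed first, so the
    standard terminator wins wherever both could match."""
    pattern = re.compile(b"|".join(re.escape(t) for t in terminators))
    parts = pattern.split(stream)
    if parts and parts[-1] == b"":  # drop the empty remainder after the last terminator
        parts.pop()
    return parts


def find_nonstandard_terminators(stream: bytes) -> list:
    """Offsets of <LF>.<CR><LF> sequences that are not preceded by <CR>, i.e.
    end-of-data markers a strict receiver ignores but a lenient one acts on.
    A gateway can reject or normalise a message that contains any."""
    offsets = []
    for m in re.finditer(rb"\n\.\r\n", stream):
        prev = stream[m.start() - 1:m.start()] if m.start() > 0 else b""
        if prev != b"\r":
            offsets.append(m.start())
    return offsets


if __name__ == "__main__":
    print("strict receiver sees", len(split_data_stream(SAMPLE_STREAM, STRICT_TERMINATORS)), "message(s)")
    print("lenient receiver sees", len(split_data_stream(SAMPLE_STREAM, LENIENT_TERMINATORS)), "message(s)")
    print("non-standard terminators at offsets", find_nonstandard_terminators(SAMPLE_STREAM))
```

Run as a script it reports one message for the strict receiver and two for the lenient one; the offsets list is what a filtering rule would key on.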
Command Injection
Insufficient Verification of Data Authenticity
Affected Products
Astra Linux
Exim
Linuxmint
Red Os
Ubuntu