Exim/exim

Exim/exim

Releases284

Frequency3 weeks 5 days

Last Release 6 months ago

Stars782

Exim Mail Transport Agent - source, testsuite and documentation

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-39929 ↗	Jul 4, 2024Thursday, 4 July 2024, 15:15	5.4 MEDIUM	—
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
CVE-2022-37452 ↗	Aug 7, 2022Sunday, 7 August 2022, 18:15	9.8 CRITICAL	—
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-37451 ↗	Aug 6, 2022Saturday, 6 August 2022, 18:15	7.5 HIGH	—
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.