What is CVE-2024-39929?

CVE-2024-39929 is a vulnerability in N/a. Published 2024-07-04.

Is CVE-2024-39929 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

EPSS: 0.603 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

michael-david-fry/CVE-2024-39929
rxerium/CVE-2024-39929
krlabs/eximsmtp-vulnerabilities
nomi-sec/PoC-in-GitHub
ARPSyndicate/cve-scores
rxerium/stars
plzheheplztrying/cve_
fkie-cad/nvd-json-data-feeds

References

git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357
git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b
github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3
www.rfc-editor.org/rfc/rfc2231.txt
bugs.exim.org/show_bug.cgi

Frequently asked questions

What is CVE-2024-39929?: CVE-2024-39929 is a vulnerability in N/a. Published 2024-07-04.
Is CVE-2024-39929 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.