Exim Exim
28 CVEs affecting Exim Exim. Latest disclosed: 2026-05-30. Critical: 4, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-45185 | Critical | 9.8 | 2026-05-12 | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client send… |
| CVE-2023-42115 | Critical | 9.8 | 2024-05-03 | Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installatio… |
| CVE-2017-16943 | Critical | 9.8 | 2017-11-25 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (… |
| CVE-2019-10149 | Critical | 9.0 | 2019-06-05 | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead t… |
| CVE-2025-30232 | High | 8.1 | 2025-03-27 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. |
| CVE-2023-42117 | High | 8.1 | 2024-05-03 | Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on a… |
| CVE-2023-42116 | High | 8.1 | 2024-05-03 | Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on af… |
| CVE-2025-26794 | High | 7.5 | 2025-02-21 | Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1… |
| CVE-2017-16944 | High | 7.5 | 2017-11-25 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack ex… |
| CVE-2025-67896 | High | 7.0 | 2025-12-14 | Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly t… |
| CVE-2016-1531 | High | 7.0 | 2016-04-07 | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. |
| CVE-2026-40685 | Medium | 6.5 | 2026-04-30 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header… |
| CVE-2026-40684 | Medium | 5.9 | 2026-04-30 | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records… |
| CVE-2016-9963 | Medium | 5.9 | 2017-02-01 | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. |
| CVE-2026-48840 | Medium | 5.3 | 2026-05-30 | Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a clien… |
| CVE-2026-40687 | Medium | 4.8 | 2026-04-30 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connec… |
| CVE-2017-1000369 | Medium | 4.0 | 2017-06-19 | Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers… |
| CVE-2026-40686 | Low | 3.7 | 2026-04-30 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header d… |
| CVE-2023-42114 | Low | 3.7 | 2024-05-03 | Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on af… |
| CVE-2023-42119 | Low | 3.1 | 2024-05-03 | Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on a… |