VulnerableCode Package Details - pkg:deb/debian/exim4@4.96-15~bpo11%2B1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-562c-7fwk-aaan	Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.	CVE-2022-37451
VCID-5g4a-x5x1-aaab	Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.	CVE-2023-42117
VCID-6cf4-ptdu-aaab	Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. . Was ZDI-CAN-17643.	CVE-2023-42119
VCID-7r7x-u71e-aaas	A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.	CVE-2022-3559
VCID-mq2d-w8ck-aaak	The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.	CVE-2021-38371

Vulnerability

Summary

Aliases

VCID-562c-7fwk-aaan

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

CVE-2022-37451

VCID-5g4a-x5x1-aaab

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.

CVE-2023-42117

VCID-6cf4-ptdu-aaab

Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. . Was ZDI-CAN-17643.

CVE-2023-42119

VCID-7r7x-u71e-aaas

A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.

CVE-2022-3559

VCID-mq2d-w8ck-aaak

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

CVE-2021-38371

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T11:38:13.742414+00:00	Debian Importer	Fixing	VCID-mq2d-w8ck-aaak	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T03:52:45.229757+00:00	Debian Importer	Fixing	VCID-5g4a-x5x1-aaab	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T23:54:28.095945+00:00	Debian Importer	Fixing	VCID-6cf4-ptdu-aaab	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T20:55:15.370618+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-05T14:38:49.537322+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	36.1.0
2025-04-13T02:20:37.340199+00:00	Debian Oval Importer	Fixing	VCID-6cf4-ptdu-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T02:20:34.586092+00:00	Debian Oval Importer	Fixing	VCID-5g4a-x5x1-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T02:20:31.334850+00:00	Debian Oval Importer	Fixing	VCID-7r7x-u71e-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T02:20:30.572249+00:00	Debian Oval Importer	Fixing	VCID-mq2d-w8ck-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-05T08:28:34.221683+00:00	Debian Importer	Fixing	VCID-mq2d-w8ck-aaak	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T06:41:25.398350+00:00	Debian Importer	Fixing	VCID-5g4a-x5x1-aaab	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T02:35:59.902879+00:00	Debian Importer	Fixing	VCID-6cf4-ptdu-aaab	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-03T23:37:13.681250+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-02-21T13:31:47.884082+00:00	Debian Importer	Fixing	VCID-6cf4-ptdu-aaab	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T13:31:28.659752+00:00	Debian Importer	Fixing	VCID-5g4a-x5x1-aaab	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T00:27:24.450667+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-20T04:58:46.548437+00:00	Debian Importer	Fixing	VCID-mq2d-w8ck-aaak	https://security-tracker.debian.org/tracker/data/json	35.1.0
2024-11-24T02:40:43.845357+00:00	Debian Importer	Fixing	VCID-6cf4-ptdu-aaab	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T02:40:24.614106+00:00	Debian Importer	Fixing	VCID-5g4a-x5x1-aaab	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-23T16:03:30.519406+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-22T22:57:35.572688+00:00	Debian Importer	Fixing	VCID-mq2d-w8ck-aaak	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-10-11T00:16:41.314996+00:00	Debian Importer	Fixing	VCID-6cf4-ptdu-aaab	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-10-11T00:16:24.923063+00:00	Debian Importer	Fixing	VCID-5g4a-x5x1-aaab	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-10-10T13:50:30.361508+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-10-09T21:28:37.325516+00:00	Debian Importer	Fixing	VCID-mq2d-w8ck-aaak	https://security-tracker.debian.org/tracker/data/json	34.0.2
2024-09-20T04:50:29.611259+00:00	Debian Importer	Fixing	VCID-6cf4-ptdu-aaab	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-20T04:50:14.006160+00:00	Debian Importer	Fixing	VCID-5g4a-x5x1-aaab	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-19T20:11:35.103836+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-09-19T05:31:07.226963+00:00	Debian Importer	Fixing	VCID-mq2d-w8ck-aaak	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-04-26T04:57:35.986101+00:00	Debian Importer	Fixing	VCID-6cf4-ptdu-aaab	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T04:57:06.844858+00:00	Debian Importer	Fixing	VCID-5g4a-x5x1-aaab	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T18:30:20.522893+00:00	Debian Importer	Fixing	VCID-7r7x-u71e-aaas	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T03:56:41.105271+00:00	Debian Importer	Fixing	VCID-mq2d-w8ck-aaak	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4