Search for vulnerabilities
Vulnerability details: VCID-whgk-zjdq-aaak
Vulnerability ID VCID-whgk-zjdq-aaak
Aliases CVE-2014-2957
Summary The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.01754 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.02176 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.03193 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.03193 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.03193 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
epss 0.05819 https://api.first.org/data/v1/epss?cve=CVE-2014-2957
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1101725
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2014-2957
Reference id Reference type URL
http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2957.json
https://api.first.org/data/v1/epss?cve=CVE-2014-2957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2957
https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
http://www.openwall.com/lists/oss-security/2021/05/04/7
1101725 https://bugzilla.redhat.com/show_bug.cgi?id=1101725
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.80.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.80.1:*:*:*:*:*:*:*
CVE-2014-2957 https://nvd.nist.gov/vuln/detail/CVE-2014-2957
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-2957
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.80903
EPSS Score 0.01754
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.