exim
Communications | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting exim.
- CVE-2026-48840: Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client. (score 5.3)
- CVE-2026-45185: Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a... (score 9.8)
- CVE-2026-40687: In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data proce... (score 4.8)
- CVE-2026-40686: In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged wi... (score 3.7)
- CVE-2026-40685: In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementati... (score 6.5)
- CVE-2026-40684: In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity ... (score 5.9)
- CVE-2025-67896: Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation. (score 7.0)
- CVE-2025-30232: A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. (score 8.1)
- CVE-2025-26794: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit conf... (score 7.5)
- CVE-2024-39929: Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable... (score 5.4)
- CVE-2023-42119: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability (score 3.1)
- CVE-2023-42118: Exim libspf2 Integer Underflow Remote Code Execution Vulnerability (score 8.8)
- CVE-2023-42117: Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability (score 9.8)
- CVE-2023-42116: Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability (score 9.8)
- CVE-2023-42115: Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability (score 9.8)