CVE-2010-4344 is a vulnerability in Exim
Published on December 14, 2010

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.


Known Exploited Vulnerability

This Exim Heap-Based Buffer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.

The following remediation steps are recommended / required by April 15, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2010-4344 has been classified as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2010-4344


What versions of Exim are vulnerable to CVE-2010-4344?