Exim <4.97.1: SMTP Smuggling bypass SPF via PIPELINING/CHUNKING
CVE-2023-51766 Published on December 24, 2023

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2023-51766

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-51766 are published in these products:

Exim

Fedora Project Extra Packages Enterprise Linux

Fedora Project Fedora

Debian Linux

Exploit Probability

EPSS

1.64%

Percentile

81.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Exim <4.97.1: SMTP Smuggling bypass SPF via PIPELINING/CHUNKINGCVE-2023-51766 Published on December 24, 2023

Products Associated with CVE-2023-51766

Exploit Probability

Exim <4.97.1: SMTP Smuggling bypass SPF via PIPELINING/CHUNKING
CVE-2023-51766 Published on December 24, 2023