CVE-2024-39929

Updated: 2024-07-14 21:37:43.185937

Description:

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.



Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | LOW | 3.7 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | exim | 4.92.3 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
| CentOS 7 ELS | exim | 4.97.1 | 3.7 | LOW | Released | CLSA-2024:1725550629 | 2024-09-05 14:28:34 | |
| CentOS 8.4 ELS | exim | 4.94.2 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
| CentOS 8.5 ELS | exim | 4.94.2 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
| CloudLinux 6 ELS | exim | 4.92.3 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
| Oracle Linux 6 ELS | exim | 4.92.3 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
| Ubuntu 16.04 ELS | exim | 4.86.2 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
| Ubuntu 18.04 ELS | exim | 4.90.1 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:44 | |