Updated: 2024-07-14 21:37:43.185937
Description:
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | LOW | 3.7 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | exim | 4.92.3 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
CentOS 7 ELS | exim | 4.97.1 | 3.7 | LOW | Released | CLSA-2024:1725550629 | 2024-09-05 14:28:34 | |
CentOS 8.4 ELS | exim | 4.94.2 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
CentOS 8.5 ELS | exim | 4.94.2 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
CloudLinux 6 ELS | exim | 4.92.3 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
Oracle Linux 6 ELS | exim | 4.92.3 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
Ubuntu 16.04 ELS | exim | 4.86.2 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:45 | |
Ubuntu 18.04 ELS | exim | 4.90.1 | 3.7 | LOW | Ignored | | 2024-07-17 17:24:44 | |