Intrusion Prevention



This vulnerability affects the Exim mail transfer agent. It results from an unchecked buffer in the sender verification code. A remote attacker could send a specially crafted email to cause a buffer overflow, possibly resulting in a denial of service or execution of arbitrary code. The attack is possible only when sender_verify is enabled in exim.conf.

Affected Products

University of Cambridge Exim 3.35.
University of Cambridge Exim 4.32.


System compromise, denial of service, execution of arbitrary code.

Recommended Actions

Upgrade to Exim 4.33-1 or later.
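
To prioritise hosts for the upgrade, the added example below (not part of the original advisory or of Exim itself) checks whether an exim.conf enables sender_verify and whether the installed version is one listed above. It assumes Exim's boolean option forms (bare name, no_/not_ prefix, = true/yes/false/no), that the main section ends at the first "end" line, and that the option is off when absent; the function names and SAMPLE_CONF are constructed for illustration.

```python
import re

# Versions this advisory lists as affected (taken from the page).
LISTED_AFFECTED = {"3.35", "4.32"}

# Constructed sample config, not taken from a real host.
SAMPLE_CONF = """\
# main configuration
primary_hostname = mail.example.org
sender_verify
end
# later sections (transports, directors, ...) follow
"""

OPTION_RE = re.compile(r"(no_|not_)?sender_verify(?:\s*=\s*(\S+))?")

def sender_verify_enabled(conf_text):
    """Return True if the main config section turns sender_verify on."""
    enabled = False  # assumption: option is off when not set
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line == "end":
            break  # assumption: main section ends at the first "end"
        m = OPTION_RE.fullmatch(line)
        if not m:
            continue  # some other option
        negated, value = m.group(1), m.group(2)
        if value is None:
            enabled = negated is None  # bare name = on, no_/not_ = off
        elif negated is None and value.lower() in ("true", "yes"):
            enabled = True
        elif negated is None and value.lower() in ("false", "no"):
            enabled = False
        # any other form is malformed; keep the previous state
    return enabled

def triage(version, conf_text):
    """Classify a host by listed version and the sender_verify precondition."""
    if version not in LISTED_AFFECTED:
        return "not-listed"
    if sender_verify_enabled(conf_text):
        return "listed-and-exposed"
    return "listed-precondition-absent"

if __name__ == "__main__":
    print(triage("3.35", SAMPLE_CONF))
```

A host reported as "listed-precondition-absent" still runs an affected version and should be upgraded; the result only orders the work.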
