5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.4 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.4%
Package : exim4
Version : 4.92-8+deb10u9
CVE ID : CVE-2023-51766
Debian Bug : 1059387
It was discovered that Exim, a mail transport agent, can be induced to accept a
second message embedded as part of the body of a first message in certain
configurations where PIPELINING or CHUNKING on incoming connections is offered.
For Debian 10 buster, this problem has been fixed in version
4.92-8+deb10u9.
We recommend that you upgrade your exim4 packages.
For the detailed security status of exim4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/exim4
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | mipsel | eximon4-dbgsym | < 4.96-15+deb12u4 | eximon4-dbgsym_4.96-15+deb12u4_mipsel.deb |
Debian | 12 | s390x | exim4-daemon-light-dbgsym | < 4.96-15+deb12u4 | exim4-daemon-light-dbgsym_4.96-15+deb12u4_s390x.deb |
Debian | 12 | mipsel | eximon4 | < 4.96-15+deb12u4 | eximon4_4.96-15+deb12u4_mipsel.deb |
Debian | 11 | amd64 | exim4-daemon-heavy-dbgsym | < 4.94.2-7+deb11u2 | exim4-daemon-heavy-dbgsym_4.94.2-7+deb11u2_amd64.deb |
Debian | 10 | armhf | exim4-daemon-heavy | < 4.92-8+deb10u9 | exim4-daemon-heavy_4.92-8+deb10u9_armhf.deb |
Debian | 11 | armel | exim4-daemon-light-dbgsym | < 4.94.2-7+deb11u2 | exim4-daemon-light-dbgsym_4.94.2-7+deb11u2_armel.deb |
Debian | 11 | ppc64el | eximon4 | < 4.94.2-7+deb11u2 | eximon4_4.94.2-7+deb11u2_ppc64el.deb |
Debian | 11 | amd64 | exim4-base-dbgsym | < 4.94.2-7+deb11u2 | exim4-base-dbgsym_4.94.2-7+deb11u2_amd64.deb |
Debian | 11 | armel | exim4-daemon-heavy | < 4.94.2-7+deb11u2 | exim4-daemon-heavy_4.94.2-7+deb11u2_armel.deb |
Debian | 10 | amd64 | exim4-daemon-light-dbgsym | < 4.92-8+deb10u9 | exim4-daemon-light-dbgsym_4.92-8+deb10u9_amd64.deb |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.4 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.4%