EPSS
Percentile
76.7%
exim4 is vulnerable to arbitrary code execution. A heap buffer underflow in smtp_ungetc() allows an attacker to execute arbitrary code on the host OS.
smtp_ungetc()
security-tracker.debian.org/tracker/CVE-2020-28024
www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt