Description
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
References (7)
Scores
EPSS
0.0472
EPSS Percentile
89.4%
Details
CWE
CWE-134
Status
published
Products (50)
exim/exim
2.10
exim/exim
2.11
exim/exim
2.12
exim/exim
3.00
exim/exim
3.01
exim/exim
3.02
exim/exim
3.03
exim/exim
3.10
exim/exim
3.11
exim/exim
3.12
... and 40 more
Published
Oct 05, 2011
Tracked Since
Feb 18, 2026