CVE-2011-1764
Exim < 4.76 - Remote Code Execution via DKIM Logging Format String
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
References (7)
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/51155
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2011/dsa-2232
Patch (x_refsource_confirm): http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8
Patch (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=702474
Patch (x_refsource_confirm): http://bugs.exim.org/show_bug.cgi?id=1106
Patch (x_refsource_confirm): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670
Scores
EPSS: 0.0394
EPSS Percentile: 89.0%
Details
CWE: CWE-134
Status: published
Products (50)
exim/exim: 2.10, 2.11, 2.12, 3.00, 3.01, 3.02, 3.03, 3.10, 3.11, 3.12
... and 40 more
Published: Oct 05, 2011
Tracked Since: Feb 18, 2026