CVE-2014-2957

Exim < 4.82.1 - Remote Code Execution via DMARC From Header Processing

Title source: llm
STIX 2.1

Description

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

References (3)

Core 3
Core References
Patch, Vendor Advisory mailing-list x_refsource_mlist
https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/04/7

Scores

EPSS 0.0529
EPSS Percentile 91.6%

Details

CWE
CWE-20
Status published
Products (50)
exim/exim 4.00
exim/exim 4.01
exim/exim 4.02
exim/exim 4.03
exim/exim 4.04
exim/exim 4.05
exim/exim 4.10
exim/exim 4.11
exim/exim 4.12
exim/exim 4.14
... and 40 more
Published Sep 04, 2014
Tracked Since Feb 18, 2026