CVE-2014-2957
Exim < 4.82.1 - Remote Code Execution via DMARC From Header Processing
Title source: llmDescription
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
References (3)
Core 3
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
Various Sources x_refsource_confirm
http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/04/7
Scores
EPSS
0.0529
EPSS Percentile
91.6%
Details
CWE
CWE-20
Status
published
Products (50)
exim/exim
4.00
exim/exim
4.01
exim/exim
4.02
exim/exim
4.03
exim/exim
4.04
exim/exim
4.05
exim/exim
4.10
exim/exim
4.11
exim/exim
4.12
exim/exim
4.14
... and 40 more
Published
Sep 04, 2014
Tracked Since
Feb 18, 2026