CVE-2019-15846

CRITICAL EXPLOITED IN THE WILD RANSOMWARE

Exim < 4.92.2 - Remote Code Execution via Trailing Backslash

Title source: llm

Exploitation Summary

CVE-2019-15846 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including synacktiv.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2019-15846, a heap overflow vulnerability in Exim. The provided Python script (`exgen.py`) generates crafted spool files to exploit the vulnerability, with detailed logic for payload generation and memory manipulation.

Description

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

Exploits (1)

nomisec WORKING POC 30 stars

by synacktiv · remote

https://github.com/synacktiv/Exim-CVE-2019-15846

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2019-15846, a heap overflow vulnerability in Exim. The provided Python script (`exgen.py`) generates crafted spool files to exploit the vulnerability, with detailed logic for payload generation and memory manipulation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Exim (versions affected by CVE-2019-15846)

No auth needed

Prerequisites: Access to Exim server · Ability to send crafted spool files

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (23)

Core 23

Core References

Mitigation, Vendor Advisory x_refsource_misc

http://exim.org/static/doc/security/CVE-2019-15846.txt

Mailing List, Third Party Advisory x_refsource_misc

https://www.openwall.com/lists/oss-security/2019/09/06/1

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/09/msg00004.html

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Sep/13

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4124-1/

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://www.kb.cert.org/vuls/id/672565

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/06/5

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201909-06

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/06/8

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/07/1

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/07/2

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDF37AUNETIOXY6ZLQAUBGBVUTMMV242/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FT3GY7V7SR2RHKNZNQCGXFWUSILVSZNU/

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/08/1

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/09/1

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBNHDAF74RI6VK2JVSEIE3VYNL7JJDYM/

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4124-2/

Various Sources x_refsource_misc

https://exim.org/static/doc/security/CVE-2019-15846.txt

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4517

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/06/2

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/06/6

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/06/4

Scores

CVSS v3 9.8

EPSS 0.3574

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-02-08

InTheWild.io 2019-09-08

Ransomware Use Confirmed

Status published

Products (4)

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

exim/exim < 4.92.2

Published Sep 06, 2019

Tracked Since Feb 18, 2026