CVE-2021-38371
HIGH
Exim < 4.94.2 - Response Injection via STARTTLS Feature
Title source: llm
Description
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
References (4)
Core References
Tool Signature x_refsource_misc
https://nostarttls.secvuln.info
Product x_refsource_misc
https://www.exim.org
Broken Link, Vendor Advisory x_refsource_misc
https://www.exim.org/static/doc/security/CVE-2021-38371.txt
Scores
CVSS v3
7.5
EPSS
0.0200
EPSS Percentile
78.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-74
Status
published
Products (1)
exim/exim
< 4.94.2
Published
Aug 10, 2021
Tracked Since
Feb 18, 2026