CVE-2023-42115

CRITICAL

Exim < 4.96.1 - Unauthenticated Remote Code Execution via SMTP Service Buffer Overflow

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-42115. PoCs published by kirinse, doaso.

Description

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17434.

Exploits (3)

nomisec WORKING POC 8 stars
by kirinse · poc
https://github.com/kirinse/cve-2023-42115

This repository contains a functional exploit for CVE-2023-42115, targeting Exim SMTP servers. The exploit includes a scanner mode to check for vulnerability and an exploit mode to execute a reverse shell payload. The payload generator script creates reverse shells for Linux or Windows.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Exim SMTP server
No auth needed
Prerequisites: Python 3 · Network access to target SMTP server · Exim server vulnerable to CVE-2023-42115
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by doaso · poc
https://github.com/doaso/CVE-2023-42115

This repository contains a functional exploit for CVE-2023-42115, an Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. The exploit sends a crafted MAIL FROM command to trigger a reverse shell via UDP, demonstrating arbitrary code execution without authentication.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Exim (version not specified)
No auth needed
Prerequisites: Network access to Exim SMTP port (25) · UDP listener for reverse shell
devstral-2 · analyzed Apr 09, 2026

inthewild WORKING POC
poc
https://github.com/isotaka134/cve-2023-42115

This repository contains functional exploit code for CVE-2023-42115, targeting Exim SMTP servers. The exploit leverages command injection via the MAIL FROM field to achieve remote code execution (RCE).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Exim SMTP server (versions affected by CVE-2023-42115)
No auth needed
Prerequisites: Python 3 · network access to target SMTP service (port 25 by default) · payload file for exploitation
devstral-2 · analyzed Feb 23, 2026

References (1)

Core References
Third Party Advisory (x_research-advisory): https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

Scores

CVSS v3: 9.8
EPSS: 0.6581
EPSS Percentile: 98.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-787
Status: published
Products (1): exim/exim < 4.96.1
Published: May 03, 2024
Tracked Since: Feb 18, 2026