Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
Exim is prone to a remote buffer-overflow vulnerability when used in conjunction with remote SpamAssassin servers. This issue occurs because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized memory buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts may result in denial-of-service conditions. Exim 4.66 is vulnerable to this issue; other versions may also be affected.