CVE-2023-51766

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-51766

Severity

5.3

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-51766
https://github.com/advisories/GHSA-w6ww-869j-cgm6
http://www.openwall.com/lists/oss-security/2023/12/29/2
https://exim.org/static/doc/security/CVE-2023-51766.txt
https://github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/
http://www.openwall.com/lists/oss-security/2023/12/24/1
http://www.openwall.com/lists/oss-security/2023/12/25/1
http://www.openwall.com/lists/oss-security/2024/01/01/1
http://www.openwall.com/lists/oss-security/2024/01/01/2
http://www.openwall.com/lists/oss-security/2024/01/01/3
https://bugs.exim.org/show_bug.cgi?id=3063
https://bugzilla.redhat.com/show_bug.cgi?id=2255852
https://lists.debian.org/debian-lts-announce/2024/01/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/
https://lwn.net/Articles/956533/
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
https://www.openwall.com/lists/oss-security/2023/12/23/2
https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html
https://www.youtube.com/watch?v=V8KPV96g1To

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2023-51766

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company