Vulnerabilities > Exim > Exim > 4.88

DATE CVE VULNERABILITY TITLE RISK
2017-11-25 CVE-2017-16943 Use After Free vulnerability in multiple products
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
network
low complexity
exim debian CWE-416
7.5
7.5
2017-06-19 CVE-2017-1000369 Improper Resource Shutdown or Release vulnerability in multiple products
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution.
local
low complexity
exim debian CWE-404
2.1
2.1