CVE-2024-39929
Published: 4 July 2024
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
exim4
Launchpad, Ubuntu, Debian |
bionic |
Released
(4.90.1-1ubuntu1.10+esm5)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(4.93-13ubuntu1.12)
|
|
| jammy |
Released
(4.95-4ubuntu2.6)
|
|
| mantic |
Ignored
(end of life, was needs-triage)
|
|
| noble |
Released
(4.97-4ubuntu4.1)
|
|
| trusty |
Not vulnerable
(code-not-present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(4.86.2-2ubuntu2.6+esm8)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
Patches:
upstream: https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357 upstream: https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b |
||