CVE-2023-51766
- Source
- https://cve.org/CVERecord?id=CVE-2023-51766
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51766.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-51766
- Downstream
- Related
- Published
- 2023-12-24T06:15:07.673Z
- Modified
- 2026-04-11T12:46:28.143457Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0" } ], "cpe": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.0" } ], "cpe": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "9.0" } ], "cpe": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "10.0" } ], "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "38" } ], "cpe": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "39" } ], "cpe": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*" } ] }- References
-
- https://exim.org/static/doc/security/CVE-2023-51766.txt
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/
- http://www.openwall.com/lists/oss-security/2023/12/24/1
- http://www.openwall.com/lists/oss-security/2023/12/25/1
- http://www.openwall.com/lists/oss-security/2023/12/29/2
- http://www.openwall.com/lists/oss-security/2024/01/01/1
- http://www.openwall.com/lists/oss-security/2024/01/01/2
- http://www.openwall.com/lists/oss-security/2024/01/01/3
- https://github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766
- https://lists.debian.org/debian-lts-announce/2024/01/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/
- https://lwn.net/Articles/956533/
- https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
- https://bugs.exim.org/show_bug.cgi?id=3063
- https://bugzilla.redhat.com/show_bug.cgi?id=2255852
- https://www.openwall.com/lists/oss-security/2023/12/23/2
- https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
- https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
- https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html
- https://www.youtube.com/watch?v=V8KPV96g1To
Affected packages
Git / github.com/exim/exim
Affected versions
Other
DEVEL_PDKIM_START
exim-4_50
exim-4_51
exim-4_52
exim-4_53
exim-4_54
exim-4_61
exim-4_62
exim-4_63
exim-4_64
exim-4_65
exim-4_66
exim-4_67
exim-4_68
exim-4_69
exim-4_70
exim-4_70_RC3
exim-4_70_RC4
exim-4_71
exim-4_72
exim-4_72_RC1
exim-4_72_RC2
exim-4_73
exim-4_73_RC00
exim-4_73_RC1
exim-4_74
exim-4_74_RC1
exim-4_75
exim-4_75_RC1
exim-4_75_RC2
exim-4_75_RC3
exim-4_76
exim-4_76_RC1
exim-4_76_RC2
exim-4_77
exim-4_77_RC1
exim-4_77_RC2
exim-4_77_RC3
exim-4_77_RC4
exim-4_80
exim-4_80_RC1
exim-4_80_RC2
exim-4_80_RC3
exim-4_80_RC4
exim-4_80_RC5
exim-4_80_RC6
exim-4_80_RC7
exim-4_82
exim-4_82_RC1
exim-4_82_RC2
exim-4_82_RC3
exim-4_82_RC4
exim-4_82_RC5
exim-4_83
exim-4_83_RC1
exim-4_83_RC2
exim-4_83_RC3
exim-4_84
exim-4_84_RC1
exim-4_84_RC2
exim-4_85
exim-4_85_RC1
exim-4_85_RC2
exim-4_85_RC3
exim-4_85_RC4
exim-4_86
exim-4_86_RC1
exim-4_86_RC2
exim-4_86_RC3
exim-4_86_RC4
exim-4_86_RC5
exim-4_87
exim-4_87_RC1
exim-4_87_RC2
exim-4_87_RC3
exim-4_87_RC4
exim-4_87_RC5
exim-4_87_RC6
exim-4_87_RC7
exim-4_88
exim-4_88_RC1
exim-4_88_RC2
exim-4_88_RC3
exim-4_88_RC4
exim-4_88_RC5
exim-4_88_RC6
exim-4_89_RC1
exim-4_89_RC3
exim-4_90
exim-4_90_RC1
exim-4_90_RC2
exim-4_90_RC3
exim-4_90_RC4
exim-4_91
exim-4_91_RC1
exim-4_91_RC2
exim-4_91_RC3
exim-4_91_RC4
exim-4_94_RC0
exim-4.*
exim-4.90devstart
exim-4.92
exim-4.92-RC1
exim-4.92-RC2
exim-4.92-RC3
exim-4.92-RC4
exim-4.92-RC5
exim-4.92-RC6
exim-4.92-jgh
exim-4.93
exim-4.93-RC0
exim-4.93-RC1
exim-4.93-RC2
exim-4.93-RC3
exim-4.93-RC4
exim-4.93-RC5
exim-4.93-RC6
exim-4.93-RC7
exim-4.94
exim-4.94-RC1
exim-4.94-RC2
exim-4.95
exim-4.95-RC0
exim-4.95-RC1
exim-4.95-RC2
exim-4.96
exim-4.96-RC0
exim-4.96-RC1
exim-4.96-RC2
exim-4.97
exim-4.97-RC0
exim-4.97-RC1
exim-4.97-RC2