QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-4344

Back to search

CVE-2010-4344

Published: Dec 14, 2010

Modified: Oct 22, 2025

PUBLISHED

Description

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

VendorProductVersions

n/a

n/a

affected
n/a

References

SUSE-SA:2010:059
vendor-advisory
x_refsource_SUSE
1024858
vdb-entry
x_refsource_SECTRACK
RHSA-2010:0970
vendor-advisory
x_refsource_REDHAT
ADV-2010-3186
vdb-entry
x_refsource_VUPEN
45308
vdb-entry
x_refsource_BID
42576
third-party-advisory
x_refsource_SECUNIA
42587
third-party-advisory
x_refsource_SECUNIA
40019
third-party-advisory
x_refsource_SECUNIA
ADV-2010-3172
vdb-entry
x_refsource_VUPEN
VU#682457
third-party-advisory
x_refsource_CERT-VN
ADV-2010-3181
vdb-entry
x_refsource_VUPEN
42586
third-party-advisory
x_refsource_SECUNIA
ADV-2010-3317
vdb-entry
x_refsource_VUPEN
USN-1032-1
vendor-advisory
x_refsource_UBUNTU
69685
vdb-entry
x_refsource_OSVDB
ADV-2010-3246
vdb-entry
x_refsource_VUPEN
ADV-2010-3204
vdb-entry
x_refsource_VUPEN
DSA-2131
vendor-advisory
x_refsource_DEBIAN
ADV-2010-3171
vdb-entry
x_refsource_VUPEN
42589
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20101210 Exim remote root
mailing-list
x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now