Exim - Remote Code Execution (CVE-2023-42115)

Exim versions 4.96 and below are vulnerable to CVE-2023-42115, a Remote Code Execution vulnerability, affecting the external authentication mechanism. The root cause of this vulnerability is an out-of-bounds overflow write when external authentication is enabled. This vulnerability allows an unauthenticated remote attacker to exploit this vulnerability by using the external authentication to provide a base64 encoded message that can cause an overflow which can lead to Remote Code Execution.

Exim 版本 4.96 及以下版本易受 CVE-2023-42115 漏洞影响，该漏洞为远程代码执行漏洞，影响外部身份验证机制。此漏洞的根本原因在于启用外部身份验证时发生的越界溢出写入。该漏洞使得未经身份验证的远程攻击者能够利用外部身份验证提供 base64 编码的消息，从而引发溢出，进而可能导致远程代码执行。