Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-12-24T00:00:00
Updated: 2024-01-18T02:47:22.078412
Reserved: 2023-12-24T00:00:00
Link: CVE-2023-51766
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-24T06:15:07.673
Modified: 2024-02-02T02:22:45.693
Link: CVE-2023-51766
JSON object: View
Redhat Information
No data.
CWE