scaveza
Product Team
6 years ago

CVE-2019-16928: Critical Buffer Overflow Flaw in Exim is Remotely Exploitable

On September 28, Exim maintainers published an advance notice concerning a new vulnerability in Exim 4.92 up to and including 4.92.2. This latest vulnerability in Exim is a heap-based buffer overflow, which can be used by an unauthenticated, remote attacker in a denial of service (DoS) attack or potentially to execute arbitrary code. From our analysis of Shodan results, over 3.5 million systems may be affected.

The Exim team released version 4.92.3 on September 29 to address CVE-2019-16928. Administrators are encouraged to upgrade as soon as possible. No mitigations exist at this time.

For more information, please visit our blog.
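
A host-side check for the version range stated in the post, as an added example (not part of the original post and not code from the Exim project). It assumes the first line of `exim -bV` has the form `Exim version X.Y[.Z] ...` and that the binary is named `exim`; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Exim version banner against the range named in
# the post (4.92 up to and including 4.92.2 affected; fixed in 4.92.3).
# Prints one of: affected | outside-affected-range | unknown

classify_exim_banner() {
    # $1 is the first line of `exim -bV`, e.g. "Exim version 4.92.2 #3 built ..."
    ver=$(printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p')
    case "$ver" in
        ''|.*|*.|*..*) echo unknown; return 0 ;;   # no version or malformed one
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split "4.92.2" into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}   # "4.92" has no patch level: use 0
    if [ "$major" -eq 4 ] && [ "$minor" -eq 92 ] && [ "$patch" -le 2 ]; then
        echo affected
    else
        echo outside-affected-range
    fi
}

check_local_exim() {
    # Assumption: the binary is called "exim" and is on PATH
    # (some distributions install it under another name, such as exim4).
    command -v exim >/dev/null 2>&1 || { echo exim-not-found; return 0; }
    classify_exim_banner "$(exim -bV 2>/dev/null | head -n 1)"
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    "Exim version 4.92 #2 built 01-Jan-2019 00:00:00" \
    "Exim version 4.92.2 #3 built 01-Jan-2019 00:00:00" \
    "Exim version 4.92.3 #1 built 01-Jan-2019 00:00:00" \
    "Exim version 4.91 #1 built 01-Jan-2019 00:00:00" \
    "Postfix 3.4.7"
do
    printf '%-52s %s\n' "$banner" "$(classify_exim_banner "$banner")"
done
```

Call `check_local_exim` on a mail host to classify the installed binary. Distribution packages can carry a backported fix without changing the upstream version string, so an `affected` result on a packaged build should be confirmed against the package changelog.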