Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 921520 (CVE-2023-51766) - <mail-mta/exim-4.97.1: smtp smuggling
Summary: <mail-mta/exim-4.97.1: smtp smuggling
Alias: CVE-2023-51766
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa+]
Depends on: 921844
  Show dependency tree
Reported: 2024-01-06 20:53 UTC by John Helmert III
Modified: 2024-02-18 09:31 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-01-06 20:53:27 UTC

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

Indeed fixed in 4.97.1. Please stabilize.
Comment 1 Hans de Graaff gentoo-dev Security 2024-02-10 15:04:07 UTC
commit c11d2a7a9507bd2392e0c8c83e6719debbf18ab1
Author: Fabian Groffen <>
Date:   Fri Jan 12 12:56:22 2024 +0100

    mail-mta/exim: cleanup vulnerable
Comment 2 Larry the Git Cow gentoo-dev 2024-02-18 09:29:49 UTC
The bug has been referenced in the following commit(s):

commit 885ac7b1a9d8098a326b2e38010dda5ab6534a71
Author:     GLSAMaker <>
AuthorDate: 2024-02-18 09:29:14 +0000
Commit:     Hans de Graaff <>
CommitDate: 2024-02-18 09:29:37 +0000

    [ GLSA 202402-18 ] Exim: Multiple Vulnerabilities
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Hans de Graaff <>

 glsa-202402-18.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)