Bug 807619 (CVE-2021-38371) - mail-mta/exim: STARTTLS response injection (buffering) (CVE-2021-38371)
Status: IN_PROGRESS
Alias: CVE-2021-38371
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://nostarttls.secvuln.info
Whiteboard: B4 [upstream]
Keywords:
Depends on:
Blocks: 807352
Reported: 2021-08-10 20:37 UTC by John Helmert III
Modified: 2021-08-23 21:55 UTC

Description John Helmert III gentoo-dev Security 2021-08-10 20:37:59 UTC
CVE-2021-38371:

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

The CVE references this, but it 404s for me: https://www.exim.org/static/doc/security/CVE-2021-38371.txt