CVE-2023-42116
Published: 03 May 2024
Summary
CVE-2023-42116 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Exim. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 8.5% of CVEs by exploit likelihood (EPSS percentile) and is not currently listed in the CISA KEV catalog.
Deeper analysis
Exim is affected by a stack-based buffer overflow that permits unauthenticated remote code execution. The flaw lies in the SMTP server's handling of NTLM challenge requests: the length of attacker-supplied data is not validated before the data is copied into a fixed-length stack buffer, so an over-long field overwrites whatever sits beyond that buffer on the stack. The issue was originally reported as ZDI-CAN-17515 and carries a CVSS 3.1 base score of 9.8.
An unauthenticated remote attacker who can reach the SMTP listener sends a crafted NTLM challenge to trigger the overflow and execute arbitrary code with the privileges of the Exim service account; no user interaction or prior authentication is required. Because the flaw sits in NTLM handling, the vulnerable path is only reachable on installations that have configured Exim's NTLM support, which Exim provides through the spa authenticator.
The referenced Zero Day Initiative advisory and Debian LTS announcement address the issue, but the source material gives no specific patch or configuration details; consult the vendor advisory for the fixed versions and compare against the running version reported by exim -bV. The EPSS score has remained flat at 0.0673, with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-46575
Vulnerability details
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17515.
- CWE(s): CWE-121 (Stack-based Buffer Overflow)
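The bug class the advisory describes, as an added illustration in C (this is not Exim's code and not the exact message structure or code path behind CVE-2023-42116): a constructed toy message carries an NTLM-style (length, offset) field header, and the field is extracted into a 64-byte stack buffer twice, once trusting the attacker-controlled length as the advisory text describes, and once bounding it against the message size and both destination buffers before the copy. The message layout, buffer size and function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of CWE-121 as described in the advisory: an
 * attacker-controlled length copied into a fixed-length stack buffer.
 * The message layout is a constructed toy, loosely modelled on the
 * (length, offset) "security buffer" fields that NTLM messages carry.
 * It is NOT Exim's code and NOT the exact structure behind CVE-2023-42116. */

#define FIELD_BUF_SIZE 64   /* fixed-length stack buffer in the callee (assumed) */
#define HDR_SIZE 4          /* 2-byte length + 2-byte offset, little-endian */

static uint16_t le16(const unsigned char *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Build a toy message: the header claims (claimed_len, off); the real payload
 * always follows at byte 4.  Returns total message size, 0 if it does not fit.
 * The claimed length may deliberately disagree with the real payload so that a
 * hostile message can be constructed. */
size_t build_msg(unsigned char *buf, size_t cap, uint16_t claimed_len,
                 uint16_t off, const char *payload)
{
    size_t plen = strlen(payload);
    if (cap < HDR_SIZE + plen) return 0;
    buf[0] = (unsigned char)(claimed_len & 0xff);
    buf[1] = (unsigned char)(claimed_len >> 8);
    buf[2] = (unsigned char)(off & 0xff);
    buf[3] = (unsigned char)(off >> 8);
    memcpy(buf + HDR_SIZE, payload, plen);
    return HDR_SIZE + plen;
}

/* VULNERABLE pattern: the length field is trusted.  A claimed length above 63
 * writes past 'field' into whatever the compiler placed above it (saved
 * registers, return address).  Never call this with hostile input; it is here
 * only for contrast with the checked version below. */
int extract_field_unchecked(const unsigned char *msg, size_t msg_len,
                            char *out, size_t out_size)
{
    char field[FIELD_BUF_SIZE];
    if (msg_len < HDR_SIZE) return -1;
    uint16_t len = le16(msg);
    uint16_t off = le16(msg + 2);
    memcpy(field, msg + off, len);        /* BUG: len and off never validated */
    field[len] = '\0';                    /* second out-of-bounds write */
    if ((size_t)len + 1 > out_size) return -1;
    memcpy(out, field, (size_t)len + 1);
    return (int)len;
}

/* HARDENED: every attacker-controlled quantity is bounded before the copy.
 * The checks are ordered so that none of the arithmetic can wrap. */
int extract_field_checked(const unsigned char *msg, size_t msg_len,
                          char *out, size_t out_size)
{
    char field[FIELD_BUF_SIZE];
    if (msg == NULL || out == NULL || msg_len < HDR_SIZE) return -1;
    uint16_t len = le16(msg);
    uint16_t off = le16(msg + 2);
    if (off < HDR_SIZE || off > msg_len) return -1;   /* offset inside the message */
    if (len > msg_len - off) return -1;               /* field inside the message */
    if (len >= sizeof field) return -1;               /* fits the stack buffer + NUL */
    if ((size_t)len + 1 > out_size) return -1;        /* fits the caller's buffer */
    memcpy(field, msg + off, len);
    field[len] = '\0';
    memcpy(out, field, (size_t)len + 1);
    return (int)len;
}

int main(void)
{
    unsigned char msg[128];
    char out[128];

    /* Constructed benign message: header claims 5 bytes at offset 4, payload "hello". */
    size_t n = build_msg(msg, sizeof msg, 5, HDR_SIZE, "hello");
    printf("benign, checked:  %d (%s)\n", extract_field_checked(msg, n, out, sizeof out), out);

    /* Constructed hostile message: header claims 4000 bytes, real payload is 5. */
    n = build_msg(msg, sizeof msg, 4000, HDR_SIZE, "hello");
    printf("hostile, checked: %d (rejected)\n", extract_field_checked(msg, n, out, sizeof out));
    /* extract_field_unchecked(msg, n, ...) would memcpy 4000 bytes into the
     * 64-byte stack buffer here: the CWE-121 condition the advisory describes. */
    return 0;
}
```

The three bound checks in the hardened version are deliberately separate: the offset and length are first confined to the message that was actually received (so the copy cannot read past the input), and only then compared with the fixed-length stack buffer and the caller's buffer. Checking only one of these is the usual way such fixes end up incomplete.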
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls are mapped yet; the per-CVE control annotator has not reached this CVE. Until the vendor fix referenced in the advisories is applied, the practical exposure check is whether the SMTP server offers NTLM authentication at all: list the configured authenticators with exim -bP authenticator_list and, if an spa authenticator is present but not required, remove it from the configuration so the vulnerable handler is never reached.