Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Memory Corruption
Buffer Overflow
Exim
Debian Linux
NVD
GitHub
CVSS 3.1
9.8
EPSS
2.9%