CVE-2011-1764

EPSS 4.7%

exim4 - format string vulnerability

Published: 10/5/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-1764

Description

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

Affected packages (2)

Debian/exim4from 0, < 4.75-3
Debian/exim4from 0, < 4.72-6+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1764