CVE-2023-42115

9.8 CRITICAL

📋 TL;DR

CVE-2023-42115 is a critical out-of-bounds write in Exim's SMTP service (reported through ZDI as ZDI-23-1469). The flaw sits in the server side of the `external` (SASL EXTERNAL) authenticator: a remote client that is offered AUTH EXTERNAL can trigger a write past the end of a buffer during the authentication exchange, before any credential is checked, and use it to execute code in the context of the Exim process. Only installations that configure an authenticator with `driver = external` expose the vulnerable code path; Exim's stock configuration does not.

💻 Affected Systems

Products:
  • Exim
Versions: Exim 4.x before the fixed releases 4.96.1 and 4.97. Distribution packages may ship the fix under an older version number (backport), so check the package changelog, not just the version string.
Operating Systems: Linux/Unix systems running Exim
Default Config Vulnerable: No. The vulnerable code is only reachable when an authenticator with `driver = external` is configured; the default Exim configuration and the usual distribution configurations do not define one.
Notes: Exposure is through the SMTP listener (TCP/25 by default, plus 465/587 where Exim is configured for submission). An Exim server that advertises EXTERNAL in its EHLO AUTH line is a candidate target; one that does not is not reachable through this bug.

📦 What is this software?

Exim is a mail transfer agent (MTA) for Unix-like systems, originally developed at the University of Cambridge. It is the default MTA on Debian and is widely deployed on internet-facing mail servers, which is why remotely reachable bugs in its SMTP service draw attention.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level code execution, data exfiltration, ransomware deployment, and persistent backdoor installation.

🟠

Likely Case

Remote code execution leading to service disruption, data theft, and lateral movement within the network.

🟢

If Mitigated

Limited impact if proper network segmentation and least privilege are implemented, though service disruption is still possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: Not confirmed
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication is required: the overflow occurs while Exim processes the AUTH EXTERNAL exchange itself, before any identity is verified. An attacker does need a target that offers the external authenticator, and a server advertises that in its EHLO response, so exposed hosts are easy to enumerate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.96.1 or 4.97 (or any later release); distribution packages may backport the fix

Vendor Advisory: https://www.exim.org/static/doc/security/

Restart Required: Yes

Instructions:

1. Check the running version with `exim -bV` (the binary is `exim4` on Debian-derived systems) and list configured authenticators.
2. Upgrade to 4.96.1 or 4.97 (or later) from the Exim repository, or install the distribution package that carries the fix.
3. Restart the Exim daemon so the listener runs the new binary.
4. Confirm the reported version, that the daemon is accepting connections, and that any `external` authenticator you removed as a stopgap has been deliberately re-enabled or left out.

🔧 Temporary Workarounds

Remove the external authenticator (vendor-recommended mitigation)

linux

Comment out or delete every authenticator stanza whose `driver = external` in the Exim configuration, validate the configuration (`exim -bV` reads it and reports syntax errors), and restart the daemon. The server then stops advertising EXTERNAL and the vulnerable code is unreachable. This is the mitigation Exim itself recommends and it keeps mail flowing, so prefer it over the two options below.

Disable SMTP service

linux

Temporarily stop the Exim daemon if the host does not need to receive mail (the unit is `exim4` on Debian/Ubuntu)

systemctl stop exim
systemctl disable exim

Network firewall restriction

linux

Block inbound access to port 25/TCP (add 465/587 if Exim listens there). Use `-I`, not `-A`: an appended DROP lands after any existing ACCEPT rule and never fires. The second command is inserted last so it sits above the DROP and keeps a trusted relay working; 203.0.113.0/24 is a placeholder for your own relay range.

iptables -I INPUT -p tcp --dport 25 -j DROP
iptables -I INPUT -p tcp -s 203.0.113.0/24 --dport 25 -j ACCEPT

🧯 If You Can't Patch

  • Remove or disable any authenticator with `driver = external`; without it the vulnerable code path cannot be reached
  • Limit who can reach the SMTP listener (firewall, upstream relay or MX gateway in front of the Exim host) and segment mail servers from the rest of the network
  • Deploy intrusion prevention signatures for CVE-2023-42115 where your IPS vendor provides them, and alert on AUTH EXTERNAL attempts against servers that should not offer it

🔍 How to Verify

Check if Vulnerable:

A host is vulnerable when both conditions hold: the running Exim is older than 4.96.1 / 4.97 (and the distribution has not backported the fix), and the configuration defines an authenticator with `driver = external`. `exim -bP authenticator_list` prints the configured authenticator names and `exim -bP authenticator <name>` prints each one's options, including its driver.

Check Version:

exim -bV

Verify Fix Applied:

`exim -bV` reports 4.96.1, 4.97 or later (or the fixed distribution package is installed), the daemon is running and accepting connections, and, if you removed the external authenticator as a workaround, the EHLO response no longer lists EXTERNAL.
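The two checks above, combined into one script. This is an added example, not code from the Exim project or from this page. It assumes the fixed releases are 4.96.1 and 4.97 (per the Exim advisory), that `exim -bV` begins with a line of the form `Exim version 4.96 #2 built ...`, and that `exim -bP authenticator <name>` prints the driver as a `driver = ...` line. The version parser and the authenticator check are pure functions that take constructed input, so the script runs on a host without Exim; `check_live_exim` runs the real commands when a binary is present.

```shell
#!/bin/sh
# Added example (not from the Exim project): is this build a fixed release for
# CVE-2023-42115, and does the configuration offer the "external" authenticator?
# Assumption: fixed releases are 4.96.1 and 4.97 (and newer), per Exim's advisory.
# Distribution backports can carry the fix under an older version number, so a
# "not fixed" verdict on a distro package should be checked against its changelog.

# Extract "4.96" or "4.96.1" from the first line of `exim -bV` output
# (assumed shape: "Exim version 4.96 #2 built 27-Jun-2023 ...").
exim_version_from_bv() {
  printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if the dotted version string is a fixed release, 1 otherwise.
# Anything that is not purely digits and dots is treated as not fixed.
exim_version_fixed() {
  ver=$1
  case $ver in ''|*[!0-9.]*) return 1 ;; esac
  major=$(printf '%s' "$ver" | cut -d. -f1)
  minor=$(printf '%s' "$ver" | cut -d. -s -f2)
  patch=$(printf '%s' "$ver" | cut -d. -s -f3)
  [ -n "$major" ] || return 1
  minor=${minor:-0}; patch=${patch:-0}
  [ "$major" -gt 4 ] && return 0
  [ "$major" -lt 4 ] && return 1
  [ "$minor" -ge 97 ] && return 0                          # 4.97 and later
  [ "$minor" -eq 96 ] && [ "$patch" -ge 1 ] && return 0    # 4.96.1 and later 4.96.x
  return 1
}

# Read an authenticator dump (`exim -bP authenticator <name>`) on stdin and
# return 0 if it declares "driver = external".
has_external_authenticator() {
  grep -Eq '^[[:space:]]*driver[[:space:]]*=[[:space:]]*external[[:space:]]*$'
}

# Run both checks against the installed Exim, if any. -bP output may require
# running as root or the Exim admin user.
check_live_exim() {
  exim_bin=$(command -v exim 2>/dev/null || command -v exim4 2>/dev/null) || {
    echo "no exim binary found in PATH"; return 2; }
  ver=$(exim_version_from_bv "$("$exim_bin" -bV 2>/dev/null | head -n 1)")
  if exim_version_fixed "$ver"; then
    echo "Exim $ver: fixed release"
  else
    echo "Exim $ver: not a fixed release (unless your distribution backported the fix)"
  fi
  for a in $("$exim_bin" -bP authenticator_list 2>/dev/null); do
    if "$exim_bin" -bP authenticator "$a" 2>/dev/null | has_external_authenticator; then
      echo "authenticator '$a' uses driver = external: vulnerable code path is reachable"
    fi
  done
}

# Only touch the live system when an Exim binary exists.
if command -v exim >/dev/null 2>&1 || command -v exim4 >/dev/null 2>&1; then
  check_live_exim
fi
```

A host is exposed only when `check_live_exim` reports both a non-fixed version and an authenticator with `driver = external`; either finding alone is not enough to call it vulnerable, but the second one is the quicker of the two to remove.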

📡 Detection & Monitoring

Log Indicators:

  • `external authenticator failed for ...` lines in the Exim main log, particularly bursts from a single source or from sources that never authenticate legitimately
  • Crashes of the SMTP receive process (segfault records for the Exim binary in the system journal or kernel log), the expected side effect of a failed exploitation attempt
  • AUTH attempts on servers that do not normally accept authenticated submission

Network Indicators:

  • SMTP sessions that issue AUTH EXTERNAL carrying unusually large client data (the flaw is a write past the end of a buffer while that data is handled)
  • Connections to ports 25/465/587 from unexpected sources, in particular scanning that reads EHLO responses for servers advertising EXTERNAL

SIEM Query:

source="*mainlog*" AND "external authenticator failed"
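The first log indicator, turned into a small log scanner. This is an added example, not part of the page or of Exim. The sample lines are constructed to follow the shape of Exim's main log (`<date> <time> <authenticator> authenticator failed for (<helo name>) [<ip>]: 535 ...`); the script assumes that shape and assumes the `+pid` log selector is off (it would insert a `[pid]` field after the time and shift the fields used below).

```shell
#!/bin/sh
# Added example: count failed EXTERNAL authentication attempts per source IP in
# Exim main-log lines and report sources at or above a threshold. Not from the
# Exim project; the log format below is an assumption about Exim's default
# main log, and SAMPLE_LOG is constructed data.

SAMPLE_LOG='2023-10-03 09:14:02 SMTP connection from [192.0.2.10]:51234 I=[198.51.100.5]:25 (TCP/IP connection count = 1)
2023-10-03 09:14:03 external authenticator failed for (scanner) [192.0.2.10]: 535 Incorrect authentication data
2023-10-03 09:14:04 external authenticator failed for (scanner) [192.0.2.10]: 535 Incorrect authentication data
2023-10-03 09:14:05 external authenticator failed for (scanner) [192.0.2.10]: 535 Incorrect authentication data
2023-10-03 09:15:10 plain authenticator failed for (mail.example.org) [203.0.113.7]: 535 Incorrect authentication data (set_id=bob)
2023-10-03 09:15:11 external authenticator failed for (mail.example.org) [203.0.113.7]: 535 Incorrect authentication data
2023-10-03 09:16:00 1qnXYZ-0001aB-2c <= alice@example.org H=(client) [203.0.113.7] P=esmtpsa A=plain:alice S=2048'

# Read log lines on stdin; print "<count> <ip>" for each source with at least
# $1 (default 3) failed EXTERNAL auth attempts, most active source first.
# Fields: $1 date, $2 time, $3 authenticator name, $4 "authenticator", $5 "failed".
flag_external_auth_failures() {
  threshold=${1:-3}
  awk -v threshold="$threshold" '
    $3 == "external" && $4 == "authenticator" && $5 == "failed" {
      # the bracketed token is the peer address (IPv4 or IPv6)
      if (match($0, /\[[0-9A-Fa-f.:]+\]/)) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        n[ip]++
      }
    }
    END { for (ip in n) if (n[ip] >= threshold) print n[ip], ip }
  ' | sort -rn
}

# Stand-alone run over the constructed sample: prints "3 192.0.2.10".
printf '%s\n' "$SAMPLE_LOG" | flag_external_auth_failures 3
```

Against a real host, feed it your main log (for example `flag_external_auth_failures 3 < /var/log/exim4/mainlog` on Debian-derived systems). On a server that does not offer EXTERNAL at all, any hit is interesting regardless of count, since a client had to try the mechanism without being offered it.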

🔗 References

  • Exim security advisories: https://www.exim.org/static/doc/security/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-42115
  • Zero Day Initiative advisory ZDI-23-1469