Bugzilla – Bug 1227423
VUL-0: CVE-2024-39929: exim: Incorrect parsing of multiline rfc2231 header filename
Last modified: 2024-07-15 17:05:28 UTC
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39929
https://bugzilla.redhat.com/show_bug.cgi?id=2295819
https://www.cve.org/CVERecord?id=CVE-2024-39929
https://bugs.exim.org/show_bug.cgi?id=3099
https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b
https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357
https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3
https://www.rfc-editor.org/rfc/rfc2231.txt
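Added example, not part of the bug report and not Exim's code: a Python check that reassembles RFC 2231 continuation parameters (filename*0, filename*1) with the standard library before testing the extension, since an extension block is only meaningful on the fully joined filename. The blocklist, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed blocking policy for the example; not taken from the bug report.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".js"}

# Constructed sample: one attachment whose filename is split across
# RFC 2231 continuation parameters on folded header lines.
SAMPLE = (
    "From: sender@example.org\n"
    "To: rcpt@example.org\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment;\n"
    ' filename*0="quarterly-rep";\n'
    ' filename*1="ort.exe"\n'
    "\n"
    "placeholder body\n"
)


def raw_segments(part):
    """Return the individual filename*N values exactly as written in the header."""
    raw = part.get("Content-Disposition", "")
    return re.findall(r'filename\*\d+\*?="?([^";\r\n]*)"?', raw)


def has_blocked_ext(name):
    """True if the name ends with an extension from the assumed blocklist."""
    return any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)


def audit(message_text):
    """Return (segments, reassembled filename, blocked?) for each named MIME part."""
    msg = message_from_string(message_text)
    results = []
    for part in msg.walk():
        # get_filename() joins RFC 2231 continuations into one value.
        name = part.get_filename()
        if name is None:
            continue
        results.append((raw_segments(part), name, has_blocked_ext(name)))
    return results


if __name__ == "__main__":
    for segments, name, blocked in audit(SAMPLE):
        print(segments, name, "BLOCK" if blocked else "allow")
```
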
relevant for Factory and Backports
This is an autogenerated message for OBS integration:
This bug (1227423) was mentioned in
https://build.opensuse.org/request/show/1187596 Factory / exim
https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim