CVE-2024-39929

Scores

EPSS

0.603medium60.3%

0%20%40%60%80%100%

Percentile: 60.3%

CVSS

3.7low3.x

0246810

CVSS Score: 3.7/10

All CVSS Scores

CVSS 3.x

3.7

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Description

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

astradebiannvdubuntu

CWEs

CWE-116CWE-693

Related Vulnerabilities

BDU:2024-05250

Exploits

Exploit ID: CVE-2024-39929

Source: github-poc

URL: https://github.com/michael-david-fry/CVE-2024-39929

Vulnerable Software (8)

Type: Configuration

Product: exim4

Operating System: debian

Trait:

{  "fixed": "4.98~RC3-2"}

Source: debian

Type: Configuration

Product: exim4

Operating System: astra 1.7.6.11

Trait:

{  "unaffected": true}

Source: astra

Type: Configuration

Product: exim4

Operating System: astra 4.7.6.9

Trait:

{  "unaffected": true}

Source: astra

Type: Configuration

Product: exim4

Operating System: ubuntu focal 20.04

Trait:

{  "fixed": "4.93-13ubuntu1.12"}

Source: ubuntu

Type: Configuration

Product: exim4

Operating System: ubuntu jammy 22.04

Trait:

{  "fixed": "4.95-4ubuntu2.6"}

Source: ubuntu

Type: Configuration

Product: exim4

Operating System: ubuntu mantic 23.10

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: exim4

Operating System: ubuntu noble 24.04

Trait:

{  "fixed": "4.97-4ubuntu4.1"}

Source: ubuntu

Type: Configuration

Vendor: *

Product: exim

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",      "versionEndIncluding": "4.97.1",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2024-39929

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (8)