{"id":"CVE-2023-51766","details":"Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports \u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e but some other popular e-mail servers do not.","modified":"2026-04-10T05:06:20.542125Z","published":"2023-12-24T06:15:07.673Z","related":["CGA-4j25-m35p-95p5","openSUSE-SU-2024:0007-1","openSUSE-SU-2024:13543-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/"},{"type":"WEB","url":"https://exim.org/static/doc/security/CVE-2023-51766.txt"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/01/01/3"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/12/29/2"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/01/01/2"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00002.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/01/01/1"},{"type":"ADVISORY","url":"https://lwn.net/Articles/956533/"},{"type":"ADVISORY","url":"https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/12/25/1"},{"type":"ADVISORY","url":"https://github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/12/24/1"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255852"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2023/12/23/2"},{"type":"REPORT","url":"https://bugs.exim.org/show_bug.cgi?id=3063"},{"type":"FIX","url":"https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca"},{"type":"FIX","url":"https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5"},{"type":"ARTICLE","url":"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html"},{"type":"EVIDENCE","url":"https://www.youtube.com/watch?v=V8KPV96g1To"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exim/exim","events":[{"introduced":"0"},{"fixed":"5a8fc079931410b30889e69f890857b05ca8d4b2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.97.1"}]}}],"versions":["DEVEL_PDKIM_START","exim-4.90devstart","exim-4.92","exim-4.92-RC1","exim-4.92-RC2","exim-4.92-RC3","exim-4.92-RC4","exim-4.92-RC5","exim-4.92-RC6","exim-4.92-jgh","exim-4.93","exim-4.93-RC0","exim-4.93-RC1","exim-4.93-RC2","exim-4.93-RC3","exim-4.93-RC4","exim-4.93-RC5","exim-4.93-RC6","exim-4.93-RC7","exim-4.94","exim-4.94-RC1","exim-4.94-RC2","exim-4.95","exim-4.95-RC0","exim-4.95-RC1","exim-4.95-RC2","exim-4.96","exim-4.96-RC0","exim-4.96-RC1","exim-4.96-RC2","exim-4.97","exim-4.97-RC0","exim-4.97-RC1","exim-4.97-RC2","exim-4_50","exim-4_51","exim-4_52","exim-4_53","exim-4_54","exim-4_61","exim-4_62","exim-4_63","exim-4_64","exim-4_65","exim-4_66","exim-4_67","exim-4_68","exim-4_69","exim-4_70","exim-4_70_RC3","exim-4_70_RC4","exim-4_71","exim-4_72","exim-4_72_RC1","exim-4_72_RC2","exim-4_73","exim-4_73_RC00","exim-4_73_RC1","exim-4_74","exim-4_74_RC1","exim-4_75","exim-4_75_RC1","exim-4_75_RC2","exim-4_75_RC3","exim-4_76","exim-4_76_RC1","exim-4_76_RC2","exim-4_77","exim-4_77_RC1","exim-4_77_RC2","exim-4_77_RC3","exim-4_77_RC4","exim-4_80","exim-4_80_RC1","exim-4_80_RC2","exim-4_80_RC3","exim-4_80_RC4","exim-4_80_RC5","exim-4_80_RC6","exim-4_80_RC7","exim-4_82","exim-4_82_RC1","exim-4_82_RC2","exim-4_82_RC3","exim-4_82_RC4","exim-4_82_RC5","exim-4_83","exim-4_83_RC1","exim-4_83_RC2","exim-4_83_RC3","exim-4_84","exim-4_84_RC1","exim-4_84_RC2","exim-4_85","exim-4_85_RC1","exim-4_85_RC2","exim-4_85_RC3","exim-4_85_RC4","exim-4_86","exim-4_86_RC1","exim-4_86_RC2","exim-4_86_RC3","exim-4_86_RC4","exim-4_86_RC5","exim-4_87","exim-4_87_RC1","exim-4_87_RC2","exim-4_87_RC3","exim-4_87_RC4","exim-4_87_RC5","exim-4_87_RC6","exim-4_87_RC7","exim-4_88","exim-4_88_RC1","exim-4_88_RC2","exim-4_88_RC3","exim-4_88_RC4","exim-4_88_RC5","exim-4_88_RC6","exim-4_89_RC1","exim-4_89_RC3","exim-4_90","exim-4_90_RC1","exim-4_90_RC2","exim-4_90_RC3","exim-4_90_RC4","exim-4_91","exim-4_91_RC1","exim-4_91_RC2","exim-4_91_RC3","exim-4_91_RC4","exim-4_94_RC0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51766.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}