What is the severity of CVE-2010-4344?

CVE-2010-4344 is rated as a high severity vulnerability that allows remote code execution due to a heap-based buffer overflow.

How do I fix CVE-2010-4344?

To fix CVE-2010-4344, upgrade Exim to version 4.70 or later.

What systems are affected by CVE-2010-4344?

CVE-2010-4344 affects various versions of Exim prior to 4.70, including Exim 2.11 through 4.69.

Can CVE-2010-4344 be exploited remotely?

Yes, CVE-2010-4344 can be exploited remotely through an SMTP session with specially crafted MAIL commands.

What type of vulnerability is CVE-2010-4344?

CVE-2010-4344 is classified as a buffer overflow vulnerability.

Vulnerability/
CVE-2010-4344

Exploited

critical

9.8

CWE

119 787

9/12/2010

14/12/2010

7/2/2025

CVE-2010-4344: Exim Heap-Based Buffer Overflow Vulnerability

First published: Thu Dec 09 2010(Updated: )

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
sa-exim
sa-exim	=2.11
sa-exim	=4.66
sa-exim	=4.10
sa-exim	=3.16
sa-exim	=3.21
sa-exim	=3.01
sa-exim	=3.31
sa-exim	=4.24
sa-exim	=3.33
sa-exim	=3.30
sa-exim	=4.30
sa-exim	=4.21
sa-exim	=4.03
sa-exim	=4.51
sa-exim	=4.67
sa-exim	=4.63
sa-exim	=4.00
sa-exim	=4.43
sa-exim	=4.22
sa-exim	=3.10
sa-exim	=4.40
sa-exim	=4.52
sa-exim	=3.36
sa-exim	=3.15
sa-exim	=4.60
sa-exim	=4.61
sa-exim	=2.12
sa-exim	=4.68
sa-exim	=4.54
sa-exim	=4.02
sa-exim	=4.23
sa-exim	=4.01
sa-exim	=3.34
sa-exim	<=4.69
sa-exim	=3.00
sa-exim	=4.62
sa-exim	=3.02
sa-exim	=3.03
sa-exim	=3.12
sa-exim	=3.20
sa-exim	=4.12
sa-exim	=3.22
sa-exim	=4.32
sa-exim	=4.11
sa-exim	=4.42
sa-exim	=4.05
sa-exim	=4.31
sa-exim	=3.14
sa-exim	=3.11
sa-exim	=3.35
sa-exim	=4.44
sa-exim	=4.14
sa-exim	=4.64
sa-exim	=4.04
sa-exim	=4.41
sa-exim	=4.20
sa-exim	=2.10
sa-exim	=4.65
sa-exim	=4.53
sa-exim	=4.33
sa-exim	=3.13
sa-exim	=4.50
sa-exim	=3.32
sa-exim	=4.34
sa-exim	<4.70
openSUSE	=11.1
openSUSE	=11.2
openSUSE	=11.3
Debian	=5.0
Ubuntu	=6.06
Ubuntu	=8.04
Ubuntu	=9.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-4344?
CVE-2010-4344 is rated as a high severity vulnerability that allows remote code execution due to a heap-based buffer overflow.
How do I fix CVE-2010-4344?
To fix CVE-2010-4344, upgrade Exim to version 4.70 or later.
What systems are affected by CVE-2010-4344?
CVE-2010-4344 affects various versions of Exim prior to 4.70, including Exim 2.11 through 4.69.
Can CVE-2010-4344 be exploited remotely?
Yes, CVE-2010-4344 can be exploited remotely through an SMTP session with specially crafted MAIL commands.
What type of vulnerability is CVE-2010-4344?
CVE-2010-4344 is classified as a buffer overflow vulnerability.

agent/type
agent/remedy
agent/first-publish-date
agent/title
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2010-4344
agent/author
agent/severity
agent/references
agent/event
agent/trending
agent/source
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-index
agent/weakness
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
collector/nvd-api
source/NVD
collector/nvd-cve
vendor/exim
canonical/sa-exim
version/sa-exim/2.11
version/sa-exim/4.66
version/sa-exim/4.10
version/sa-exim/3.16
version/sa-exim/3.21
version/sa-exim/3.01
version/sa-exim/3.31
version/sa-exim/4.24
version/sa-exim/3.33
version/sa-exim/3.30
version/sa-exim/4.30
version/sa-exim/4.21
version/sa-exim/4.03
version/sa-exim/4.51
version/sa-exim/4.67
version/sa-exim/4.63
version/sa-exim/4.00
version/sa-exim/4.43
version/sa-exim/4.22
version/sa-exim/3.10
version/sa-exim/4.40
version/sa-exim/4.52
version/sa-exim/3.36
version/sa-exim/3.15
version/sa-exim/4.60
version/sa-exim/4.61
version/sa-exim/2.12
version/sa-exim/4.68
version/sa-exim/4.54
version/sa-exim/4.02
version/sa-exim/4.23
version/sa-exim/4.01
version/sa-exim/3.34
version/sa-exim/4.69
version/sa-exim/3.00
version/sa-exim/4.62
version/sa-exim/3.02
version/sa-exim/3.03
version/sa-exim/3.12
version/sa-exim/3.20
version/sa-exim/4.12
version/sa-exim/3.22
version/sa-exim/4.32
version/sa-exim/4.11
version/sa-exim/4.42
version/sa-exim/4.05
version/sa-exim/4.31
version/sa-exim/3.14
version/sa-exim/3.11
version/sa-exim/3.35
version/sa-exim/4.44
version/sa-exim/4.14
version/sa-exim/4.64
version/sa-exim/4.04
version/sa-exim/4.41
version/sa-exim/4.20
version/sa-exim/2.10
version/sa-exim/4.65
version/sa-exim/4.53
version/sa-exim/4.33
version/sa-exim/3.13
version/sa-exim/4.50
version/sa-exim/3.32
version/sa-exim/4.34
vendor/opensuse
canonical/opensuse
version/opensuse/11.1
version/opensuse/11.2
version/opensuse/11.3
vendor/debian
canonical/debian
version/debian/5.0
vendor/canonical
canonical/ubuntu
version/ubuntu/6.06
version/ubuntu/8.04
version/ubuntu/9.10

CVE-2010-4344: Exim Heap-Based Buffer Overflow Vulnerability

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-4344?

How do I fix CVE-2010-4344?

What systems are affected by CVE-2010-4344?

Can CVE-2010-4344 be exploited remotely?

What type of vulnerability is CVE-2010-4344?

Company

Resources

Contact