SARA / Free Tools / KEV / CVE-2010-4344

CVE-2010-4344 on CISA KEV

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper reje

CISA KEV — Actively Exploited

Exim Heap-Based Buffer Overflow Vulnerability

Vendor / Product

— / Exim / Exim

Added to KEV

2022-03-25

BOD 22-01 due

2022-04-15

Ransomware use

Unknown

CVSS / EPSS

— — · EPSS 61.46%

01What CISA says about this vulnerability

02Required action — verbatim from CISA

Apply updates per vendor instructions.

03Notes & references

lists.opensuse.org — http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
www.exim.org — http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
bugs.exim.org — http://bugs.exim.org/show_bug.cgi?id=787
www.securitytracker.com — http://www.securitytracker.com/id?1024858
www.redhat.com — http://www.redhat.com/support/errata/RHSA-2010-0970.html
www.vupen.com — http://www.vupen.com/english/advisories/2010/3186
www.securityfocus.com — http://www.securityfocus.com/bid/45308
www.metasploit.com — http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
atmail.com — http://atmail.com/blog/2010/atmail-6204-now-available/
secunia.com — http://secunia.com/advisories/42576
secunia.com — http://secunia.com/advisories/42587
bugzilla.redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=661756
lists.exim.org — http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
secunia.com — http://secunia.com/advisories/40019
www.vupen.com — http://www.vupen.com/english/advisories/2010/3172
www.kb.cert.org — http://www.kb.cert.org/vuls/id/682457
www.vupen.com — http://www.vupen.com/english/advisories/2010/3181
secunia.com — http://secunia.com/advisories/42586
www.vupen.com — http://www.vupen.com/english/advisories/2010/3317
www.ubuntu.com — http://www.ubuntu.com/usn/USN-1032-1
www.cpanel.net — http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notifi…
www.osvdb.org — http://www.osvdb.org/69685
www.securityfocus.com — http://www.securityfocus.com/archive/1/515172/100/0/threaded
www.theregister.co.uk — http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
www.vupen.com — http://www.vupen.com/english/advisories/2010/3246
www.vupen.com — http://www.vupen.com/english/advisories/2010/3204
git.exim.org — http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
www.debian.org — http://www.debian.org/security/2010/dsa-2131
www.vupen.com — http://www.vupen.com/english/advisories/2010/3171
secunia.com — http://secunia.com/advisories/42589

04SARA's analyst layer — why this matters

This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.

05Affected products (summary)

Vendor	Product	Versions
n	a / n/a	n/a

06Detection

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection:

Open in Sigma generator →

Programmatic KEV data?
SARA's API returns KEV, CVSS, EPSS + analyst summary in one call.

Read the API reference →

Full CVE detail → Search KEV →