CVE-2024-39929

{"id": "CVE-2024-39929", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-07-04T15:15:10.323", "references": [{"url": "https://bugs.exim.org/show_bug.cgi?id=3099#c4", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://www.rfc-editor.org/rfc/rfc2231.txt", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://bugs.exim.org/show_bug.cgi?id=3099#c4", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.rfc-editor.org/rfc/rfc2231.txt", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users."}, {"lang": "es", "value": "Exim hasta la versi\u00f3n 4.97.1 analiza err\u00f3neamente un nombre de archivo de encabezado RFC 2231 multil\u00ednea y, por lo tanto, atacantes remotos pueden eludir un mecanismo de protecci\u00f3n de bloqueo de extensi\u00f3n $mime_filename y potencialmente entregar archivos adjuntos ejecutables a los buzones de correo de los usuarios finales."}], "lastModified": "2025-07-10T22:15:25.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "067D683A-5A3E-4B3D-86A4-4BB405D84A7D", "versionEndIncluding": "4.97.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}