cve/2024/CVE-2024-39929.md

CVE-2024-39929

Description

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

POC

Reference

No PoCs from references.

Github

• https://github.com/krlabs/eximsmtp-vulnerabilities
• https://github.com/michael-david-fry/CVE-2024-39929
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/plzheheplztrying/cve_monitor
• https://github.com/rxerium/CVE-2024-39929
• https://github.com/rxerium/stars