Security Advisory

CVE-2023-51766

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-24 00:00:00
Last updated 2025-11-04 18:21:35
Assigner mitre
State PUBLISHED

Description

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
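
One way a mail gateway or log pipeline could flag the sequence named in the description, shown as an added example that is not part of the advisory or of Exim's code. The function name and both sample payloads are constructed for illustration.

```python
import re

# The sequence the advisory names: <LF>.<CR><LF>, where the leading LF is
# bare (not the second byte of a CRLF pair). The standard end-of-data
# marker <CR><LF>.<CR><LF> is deliberately NOT matched.
BARE_LF_EOD = re.compile(rb"(?<!\r)\n\.\r\n")


def find_bare_lf_eod(data: bytes) -> list[dict]:
    """Locate every <LF>.<CR><LF> in a raw SMTP DATA payload.

    Returns one finding per hit: the byte offset of the bare LF and the
    1-based line number (lines counted on LF) of the lone "." line, so a
    hit can be matched against a packet capture or spool file.
    """
    findings = []
    for m in BARE_LF_EOD.finditer(data):
        findings.append({
            "offset": m.start(),
            # LFs before the hit give the completed lines; the bare LF
            # ends one more line, and the "." sits on the line after it.
            "line": data.count(b"\n", 0, m.start()) + 2,
        })
    return findings


# Constructed sample: well-formed payload with a dot-stuffed line and the
# standard terminator only.
CLEAN = b"Subject: test\r\n\r\nhello\r\n..stuffed line\r\n.\r\n"

# Constructed sample: same message, but one line ends in a bare LF followed
# by ".<CR><LF>", which servers disagree on how to interpret.
SUSPECT = b"Subject: test\r\n\r\nhello\n.\r\ntrailing text\r\n.\r\n"

if __name__ == "__main__":
    for name, payload in (("CLEAN", CLEAN), ("SUSPECT", SUSPECT)):
        hits = find_bare_lf_eod(payload)
        print(name, "reject" if hits else "accept", hits)
```

A payload with any finding is one that two servers may split differently, so rejecting or quarantining it at the edge is the conservative handling.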