Vulnerability Database

310,450

Total vulnerabilities in the database

CVE-2014-2957

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

  • Published: Sep 4, 2014
  • Updated: Nov 9, 2025
  • CVE: CVE-2014-2957
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
exim / exim 4.70 4.70.x
exim / exim 4.69 4.69.x
exim / exim 4.66 4.66.x
exim / exim 4.10 4.10.x
exim / exim 4.76 4.76.x
exim / exim - 4.82.x
exim / exim 4.24 4.24.x
exim / exim 4.30 4.30.x
exim / exim 4.21 4.21.x
exim / exim 4.03 4.03.x
exim / exim 4.51 4.51.x
exim / exim 4.71 4.71.x
exim / exim 4.74 4.74.x
exim / exim 4.67 4.67.x
exim / exim 4.63 4.63.x
exim / exim 4.00 4.00.x
exim / exim 4.43 4.43.x
exim / exim 4.22 4.22.x
exim / exim 4.40 4.40.x
exim / exim 4.52 4.52.x
exim / exim 4.60 4.60.x
exim / exim 4.61 4.61.x
exim / exim 4.68 4.68.x
exim / exim 4.54 4.54.x
exim / exim 4.02 4.02.x
exim / exim 4.77 4.77.x
exim / exim 4.23 4.23.x
exim / exim 4.01 4.01.x
exim / exim 4.62 4.62.x
exim / exim 4.12 4.12.x
exim / exim 4.32 4.32.x
exim / exim 4.11 4.11.x
exim / exim 4.42 4.42.x
exim / exim 4.05 4.05.x
exim / exim 4.31 4.31.x
exim / exim 4.72 4.72.x
exim / exim 4.44 4.44.x
exim / exim 4.14 4.14.x
exim / exim 4.64 4.64.x
exim / exim 4.04 4.04.x
exim / exim 4.75 4.75.x
exim / exim 4.41 4.41.x
exim / exim 4.20 4.20.x
exim / exim 4.65 4.65.x
exim / exim 4.53 4.53.x
exim / exim 4.80 4.80.x
exim / exim 4.33 4.33.x
exim / exim 4.80.1 4.80.1.x
exim / exim 4.73 4.73.x
exim / exim 4.50 4.50.x
exim / exim 4.34 4.34.x