CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 15, 2022

CVE-2010-4344

High

EPSS 61.5%CISA KEV

Description

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.

EPSS — Exploit Probability

61.5%

Higher than 98.3% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2010-4344

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 61.5%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Mar 25, 2022

Added to KEV

Mar 25, 2022

Remediation Due

Apr 15, 2022

Affected Product

Exim

View all Exim CVEs

External Links

NVD (NIST)CVE Details MITRE CVE