CVE-2014-2957
EPSS 1.8%
Description
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
How to fix CVE-2014-2957
To remediate CVE-2014-2957, upgrade the affected package to a fixed version below.
- Debian/exim4—upgrade to 4.82.1-1 or later
Is CVE-2014-2957 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.82.1-1