Response Injection Vulnerability in Exim Mail Transfer Agent
CVE-2021-38371

7.5HIGH

Key Information:

Vendor: Exim
Status: Exim
Vendor: CVE Published:; 10 August 2021

What is CVE-2021-38371?

The STARTTLS functionality in Exim versions prior to 4.94.3 is susceptible to a response injection flaw, allowing attackers to exploit the mail transfer agent (MTA) during SMTP operations. This vulnerability arises when the server's response can be manipulated, potentially leading to unauthorized information disclosure or malicious redirection. It is critical for users of Exim to apply the latest updates to mitigate this risk.