Intel/CVE-2023-51766
Exim
CVE-2023-51766
Exim is vulnerable to SPF bypass
SPF bypass Pre-CVE Published Dec 24, 2023
Found by Aikido Intel before public disclosure or CVE publication.
53
Medium Risk
This Affects:
EximAre you affected? Scan for Free
TL;DR
The Exim mailserver allows SMTP smuggling attacks, resulting in attackers being able to bypass SPF and deliver email that looks like it came from any domain name and also passes any SPF/DKIM check.
Who does this affect?
You're affected if you are running Exim mailserver publicly to process email.
Background info
Exim is vulnerable to SPF bypass in versions < 4.97.1.
How to fix this
To fix the vulnerability upgrade Exim to 4.97.1. If upgrading is not possible, follow the workaround given in https://github.com/Exim/exim/blob/f7ccf53fdc4edeb5e69073af531cc81d8e9ded5a/doc/doc-txt/cve-2023-51766
Links
openwall.com/lists/oss-security/2023/12/24/1http://www.openwall.com/lists/oss-security/2023/12/24/1
openwall.com/lists/oss-security/2023/12/25/1http://www.openwall.com/lists/oss-security/2023/12/25/1
openwall.com/lists/oss-security/2023/12/29/2http://www.openwall.com/lists/oss-security/2023/12/29/2
openwall.com/lists/oss-security/2024/01/01/1http://www.openwall.com/lists/oss-security/2024/01/01/1
openwall.com/lists/oss-security/2024/01/01/2http://www.openwall.com/lists/oss-security/2024/01/01/2
openwall.com/lists/oss-security/2024/01/01/3http://www.openwall.com/lists/oss-security/2024/01/01/3
bugs.exim.org/show_bug.cgi?id=3063https://bugs.exim.org/show_bug.cgi?id=3063
bugzilla.redhat.com/show_bug.cgi?id=2255852https://bugzilla.redhat.com/show_bug.cgi?id=2255852
exim.org/static/doc/security/CVE-2023-51766.txthttps://exim.org/static/doc/security/CVE-2023-51766.txt
fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.htmlhttps://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html
git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5cahttps://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766https://github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766
lists.debian.org/debian-lts-announce/2024/01/msg00002.htmlhttps://lists.debian.org/debian-lts-announce/2024/01/msg00002.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/
lwn.net/Articles/956533/https://lwn.net/Articles/956533/
sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
openwall.com/lists/oss-security/2023/12/23/2https://www.openwall.com/lists/oss-security/2023/12/23/2
youtube.com/watch?v=V8KPV96g1Tohttps://www.youtube.com/watch?v=V8KPV96g1To
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
Resources
Industries
Use Cases
Compare
© 2026 Aikido Security BV | BE0792914919
Keizer Karelstraat 15, 9000, Ghent, Belgium
95 Third St, 2nd Fl, San Francisco, CA 94103, US
Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK
Ghent, Belgium | San Francisco, US
SOC 2Compliant
ISO 27001Compliant