expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Exim | Exim | 4.70 | 4.70 |
| Exim | Exim | 4.69 | 4.69 |
| Exim | Exim | 4.66 | 4.66 |
| Exim | Exim | 4.10 | 4.10 |
| Exim | Exim | 4.76 | 4.76 |
| Exim | Exim | 4.24 | 4.24 |
| Exim | Exim | 4.30 | 4.30 |
| Exim | Exim | 4.21 | 4.21 |
| Exim | Exim | 4.03 | 4.03 |
| Exim | Exim | 4.51 | 4.51 |
| Exim | Exim | 4.71 | 4.71 |
| Exim | Exim | 4.74 | 4.74 |
| Exim | Exim | 4.67 | 4.67 |
| Exim | Exim | 4.63 | 4.63 |
| Exim | Exim | 4.00 | 4.00 |
| Exim | Exim | 4.43 | 4.43 |
| Exim | Exim | 4.22 | 4.22 |
| Exim | Exim | 4.40 | 4.40 |
| Exim | Exim | 4.52 | 4.52 |
| Exim | Exim | 4.60 | 4.60 |
| Exim | Exim | 4.61 | 4.61 |
| Exim | Exim | 4.68 | 4.68 |
| Exim | Exim | 4.54 | 4.54 |
| Exim | Exim | 4.02 | 4.02 |
| Exim | Exim | 4.77 | 4.77 |
| Exim | Exim | 4.23 | 4.23 |
| Exim | Exim | 4.01 | 4.01 |
| Exim | Exim | 4.62 | 4.62 |
| Exim | Exim | 4.12 | 4.12 |
| Exim | Exim | 4.32 | 4.32 |
| Exim | Exim | 4.11 | 4.11 |
| Exim | Exim | * | 4.82.1 |
| Exim | Exim | 4.42 | 4.42 |
| Exim | Exim | 4.05 | 4.05 |
| Exim | Exim | 4.31 | 4.31 |
| Exim | Exim | 4.72 | 4.72 |
| Exim | Exim | 4.44 | 4.44 |
| Exim | Exim | 4.14 | 4.14 |
| Exim | Exim | 4.64 | 4.64 |
| Exim | Exim | 4.04 | 4.04 |
| Exim | Exim | 4.75 | 4.75 |
| Exim | Exim | 4.41 | 4.41 |
| Exim | Exim | 4.20 | 4.20 |
| Exim | Exim | 4.65 | 4.65 |
| Exim | Exim | 4.53 | 4.53 |
| Exim | Exim | 4.80 | 4.80 |
| Exim | Exim | 4.33 | 4.33 |
| Exim | Exim | 4.80.1 | 4.80.1 |
| Exim | Exim | 4.73 | 4.73 |
| Exim | Exim | 4.50 | 4.50 |
| Exim | Exim | 4.34 | 4.34 |
| Exim | Exim | 4.82 | 4.82 |