Vulnerability in Exim mail server

Sept. 11, 2019

Newly released version of Exim mail server patches remote code execution vulnerability in versions up to and including 4.92.1. The vulnerability (CVE-2019-15846) is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC. We encourage users and administrators to review security advisory from Exim and apply necessary updates.