QSearchQSearch

CVE-2021-38371

7.5 HIGH

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending

Published: 2021-08-10 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE
CWE-74

Affected products

VendorProduct
eximexim

Description

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-48840 Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack me... (5.3 MEDIUM)
  • CVE-2026-45185 Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path (9.8 CRITICAL)

Same CWE

  • CVE-2026-12223 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
  • CVE-2026-12219 A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
  • CVE-2026-12206 A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
  • CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
  • CVE-2026-12188 A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)