A critical security vulnerability has been discovered and fixed in Exim, the popular open-source mail server software. The flaw is a heap-based buffer overflow (a memory-corruption bug) in string_vformat(), defined in string.c, in the EHLO command handler component. A remote attacker could exploit it to cause a denial of service (DoS) or execute arbitrary code on a targeted Exim mail server. Exim is a widely used, open-source mail transfer agent developed for Unix-like operating systems such as Linux, macOS and Solaris.
Source: https://thehackernews.com/2019/09/exim-email-security-vulnerability.html

