The fourth critical vulnerability in a year has been discovered in Exim. The developers have already published an emergency release, Exim 4.92.3, with fixes. The fix is available for Ubuntu, Arch Linux, FreeBSD, Debian, and Fedora.
The vulnerability potentially allows malicious code to be executed on the server. An attacker only needs to pass a string of several kilobytes in the EHLO command: the buffer used by the string_vformat() function overflows, which causes a crash. In theory, buffer overflows can also be triggered through other commands.
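As an added defensive example (not code from the Exim project or from the original article), a small Python triage helper: it checks a server banner against the 4.92.3 fix release and flags SMTP command lines that exceed the RFC 5321 command-line limit, marking EHLO/HELO lines over a multi-kilobyte threshold separately. The sample session lines and the 2048-byte alert threshold are constructed assumptions.

```python
"""Defensive triage helpers for the Exim EHLO overflow described above."""
import re
from typing import List, Tuple

FIXED_VERSION = (4, 92, 3)   # fix release named in the article
RFC5321_MAX_CMD_LINE = 512   # RFC 5321 command-line limit in octets, including CRLF
KB_THRESHOLD = 2048          # assumed alert threshold for "several kilobytes" (constructed)

# Constructed sample of client-side SMTP command lines, as a session logger might capture them
SAMPLE_SESSION = [
    "EHLO mail.example.test",
    "MAIL FROM:<alice@example.test>",
    "EHLO " + "A" * 4096,        # oversized EHLO argument, well beyond the RFC limit
    "RCPT TO:<bob@example.test>",
    "DATA",
]


def parse_version(banner: str) -> Tuple[int, ...]:
    """Extract the x.y.z version from an Exim banner or 'exim -bV' style string."""
    m = re.search(r"Exim(?: version)?\s+(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        raise ValueError("no Exim version found in banner")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_patched(banner: str) -> bool:
    """True when the advertised version is 4.92.3 or later."""
    return parse_version(banner) >= FIXED_VERSION


def oversized_commands(lines: List[str], threshold: int = KB_THRESHOLD):
    """Return (index, verb, wire_length, ehlo_alert) for every command line over the
    RFC 5321 limit; ehlo_alert is True for EHLO/HELO lines longer than `threshold`."""
    findings = []
    for i, line in enumerate(lines):
        length = len(line.encode("utf-8")) + 2   # add CRLF as sent on the wire
        if length <= RFC5321_MAX_CMD_LINE:
            continue
        verb = line.split(" ", 1)[0].upper()
        ehlo_alert = verb in ("EHLO", "HELO") and length > threshold
        findings.append((i, verb, length, ehlo_alert))
    return findings
```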