Exim versions 4.88 to 4.99.3 have a vulnerability that leaks uninitialized stack memory into SMTP banners when processing malformed proxy headers, allowing attackers to map system memory layouts and bypass address space randomization protections. Upgrading to version 4.99.4 addresses this issue by implementing strict length checks that reject invalid frames before they can access sensitive information. The vulnerability arises in the proxy_protocol() function when it improperly handles incoming connection headers, potentially exposing live memory pointers in the SMTP greeting banner. Administrators should prioritize upgrading to the latest version or disabling the proxy feature completely to mitigate risks until patches are fully deployed

Exim 4.99.4 Addresses PROXY-protocol Vulnerability

Servers running Exim versions between 4.88 and 4.99.3 leak uninitialized stack memory straight into SMTP banners when processing malformed proxy headers. Attackers can grab those raw bytes to map out system memory layouts and bypass modern address space randomization protections. Rolling out version 4.99.4 adds strict length checks that reject the bad frames before they touch sensitive data, while clearing the hosts_proxy directive disables the feature entirely until patches propagate. Mail admins should treat this as a high priority since leaving an unpatched relay open to the internet basically hands attackers a free memory map.

Exim 4.99.4 Addresses PROXY-protocol Vulnerability @ Linux Compatible