In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
Exploitability
AV:NAC:HPR:NUI:NScope
S:UImpact
C:LI:NA:L4.8/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:LOther