Template / PR Information

Template Validation

I’ve validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Vulnerability Details:

  • Affects Exim 4.92 through 4.92.2
  • Heap buffer overflow in string_vformat() function triggered by long EHLO command
  • Template sends 1200-character EHLO payload to trigger crash
  • Detection based on vulnerable version + crash response (not version-only)

Test Environment:

Screenshot from 2025-07-01 00-45-30

Screenshot from 2025-07-01 00-46-50

Screenshot from 2025-07-01 00-46-59

Debug Output (Successful Detection):

[CVE-2019-16928:word-1] [tcp] [critical] localhost:8825
[INF] Scan completed in 2.530696ms. 1 matches found.

Response Data Snippet:

220 mail.vulnerable-test.local ESMTP Exim 4.92.2 Tue, 01 Jul 2025 00:24:22 +0000
421 Service not available, closing transmission channel

Shodan Query: "ESMTP Exim 4.92"

Template Features:

  • ✅ Complete POC with actual exploit payload
  • ✅ Exploitation-based detection (not version-only)
  • ✅ Tests multiple SMTP ports (25, 587, 465)
  • ✅ Includes version extraction
  • ✅ KEV listed vulnerability

Additional References:

/claim #12169 /resolve #12169
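The two-signal check from the Vulnerability Details list (banner version in the affected range, plus the reply that followed), applied offline to captured server-side SMTP transcripts. This is an added example, not code from the PR or the template; the function names and every sample except the page's own response snippet are constructed. A 421 reply is also what a server sends for ordinary shutdowns or load limits, so the combined result is still a heuristic and not proof of a crash.

```python
import re

# Affected range as stated in the PR description: Exim 4.92 through 4.92.2.
AFFECTED_MIN, AFFECTED_MAX = (4, 92, 0), (4, 92, 2)
BANNER_RE = re.compile(r"^220[ -].*\bExim (\d+)\.(\d+)(?:\.(\d+))?", re.M)
REPLY_RE = re.compile(r"^(\d{3})([ -])", re.M)

# Response snippet quoted in the PR description.
PAGE_SNIPPET = (
    "220 mail.vulnerable-test.local ESMTP Exim 4.92.2 Tue, 01 Jul 2025 00:24:22 +0000\r\n"
    "421 Service not available, closing transmission channel\r\n"
)
# Constructed samples: a fixed release, and an in-range host that answered normally.
PATCHED = "220 mx.example.test ESMTP Exim 4.92.3 Tue, 01 Jul 2025 00:00:00 +0000\r\n"
NORMAL = (
    "220 mx.example.test ESMTP Exim 4.92 Tue, 01 Jul 2025 00:00:00 +0000\r\n"
    "250-mx.example.test Hello probe\r\n250-SIZE 52428800\r\n250 HELP\r\n"
)


def exim_version(transcript):
    """Return (major, minor, patch) from the 220 greeting, or None if not Exim."""
    m = BANNER_RE.search(transcript)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())  # "4.92" is treated as 4.92.0


def classify(transcript):
    """Classify a transcript that contains only the server's reply lines."""
    version = exim_version(transcript)
    if version is None:
        return "not-exim"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "outside-affected-range"
    # A reply's final line has a space after the code; "-" marks continuation.
    finals = [code for code, sep in REPLY_RE.findall(transcript) if sep == " "]
    last = finals[-1] if len(finals) > 1 else None  # finals[0] is the greeting
    if last == "421":
        return "affected-version-and-421"  # both signals present
    return "affected-version-only"  # banner alone says nothing about patch state


if __name__ == "__main__":
    for name, t in [("page", PAGE_SNIPPET), ("patched", PATCHED), ("normal", NORMAL)]:
        print(name, exim_version(t), classify(t))
```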

Claim

Total prize pool $50
Total paid $0
Status Pending
Submitted June 30, 2025
Last updated June 30, 2025

Contributors

Rishi Mondal

@MAVRICK-1

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$50