Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
Created exim tracking bugs for this issue:
Affects: epel-all [bug 1836364]
Affects: fedora-all [bug 1836363]
This flaw does not affect Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, or Red Hat Enterprise Linux 8.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):