When Exim is configured to verify certificates against hostnames and hostname resolution yields a CNAME, Exim verifies the certificate against the canonical name (the CNAME target) rather than the original hostname. An attacker with control over the network (e.g. a rogue public Wi-Fi access point) can forge CNAME records so that the intended hostname resolves to a hostname under their control. They can then obtain a legitimate certificate for the host under their control, which Exim will accept as valid for the host it intended to connect to.
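The following is an added illustration of the verification mistake described above, not code from Exim or from this bug report. It contrasts the vulnerable policy (check the certificate against the CNAME target) with the correct one (check it against the name the administrator configured, which is the identity the client actually expects). The DNS records, host names and certificate subject names are all constructed placeholders; the matcher is a minimal RFC 6125-style dNSName comparison written for this example.

```python
"""Hostname verification under CNAME redirection: vulnerable vs. hardened policy.

Added example; not part of Exim or of the bug report it illustrates.
"""

# Constructed DNS view: the forged CNAME from the report points the
# legitimate mail host at an attacker-controlled name (all names are
# placeholders in the reserved .test TLD / TEST-NET-1 address space).
FORGED_DNS = {
    "mail.example.test": ("CNAME", "mx.attacker.test"),
    "mx.attacker.test": ("A", "192.0.2.10"),
}

# Certificates are modelled only by their dNSName SAN entries (constructed).
ATTACKER_CERT_SANS = ["mx.attacker.test"]       # validly issued for the attacker's host
LEGIT_CERT_SANS = ["mail.example.test"]         # what the real server would present
LEGIT_WILDCARD_SANS = ["*.example.test"]        # wildcard variant of the real cert


def resolve(name, dns):
    """Follow CNAME records to the canonical name; return (canonical_name, address)."""
    seen = set()
    while True:
        if name in seen:
            raise ValueError("CNAME loop at %s" % name)
        seen.add(name)
        rtype, value = dns[name]
        if rtype == "CNAME":
            name = value
            continue
        return name, value


def _dnsname_match(pattern, hostname):
    """Case-insensitive dNSName match; a wildcard may only replace the leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # Wildcard must be the whole leftmost label and leave at least two labels.
    if p[0] == "*" and len(p) >= 3:
        return p[1:] == h[1:]
    return p == h


def cert_matches(san_names, hostname):
    """True if any SAN dNSName in the certificate matches hostname."""
    return any(_dnsname_match(san, hostname) for san in san_names)


def verify_unsafe(hostname, san_names, dns):
    """Vulnerable policy: identity expected = CNAME target, so a forged CNAME
    plus a certificate for the attacker's own name passes verification."""
    canonical, _addr = resolve(hostname, dns)
    return cert_matches(san_names, canonical)


def verify_safe(hostname, san_names, dns):
    """Hardened policy: resolution only yields an address; the identity checked
    is the configured hostname, so the forged CNAME gains the attacker nothing."""
    _canonical, _addr = resolve(hostname, dns)
    return cert_matches(san_names, hostname)


if __name__ == "__main__":
    host = "mail.example.test"
    print("unsafe policy accepts attacker cert:", verify_unsafe(host, ATTACKER_CERT_SANS, FORGED_DNS))
    print("safe policy accepts attacker cert:  ", verify_safe(host, ATTACKER_CERT_SANS, FORGED_DNS))
    print("safe policy accepts legit cert:     ", verify_safe(host, LEGIT_CERT_SANS, FORGED_DNS))
```

The practical check for an operator is the same one the hardened function makes: whatever name the transport or route was configured with is the name the peer's certificate must carry, and the result of DNS resolution must never substitute for it. Any code path that feeds the canonical name from a resolver into certificate name matching has the defect the report describes.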
External References: https://bugs.exim.org/show_bug.cgi?id=2594
Created exim tracking bugs for this issue:
Affects: epel-all [bug 1942583]
Affects: fedora-all [bug 1942582]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.