CVE-2020-28020: 
Exim vulnerability analysis and mitigation

Exim 4 before 4.92 contains a critical vulnerability (CVE-2020-28020) where an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. This vulnerability involves an Integer Overflow that leads to a Buffer Overflow condition (NVD, CVE).

The vulnerability stems from an integer overflow condition that can be exploited to cause a buffer overflow. The issue occurs during the processing of header-length restrictions, specifically when handling continuation lines. The vulnerability allows an attacker to manipulate memory allocations through crafted email headers, potentially leading to arbitrary code execution (Qualys Advisory).

The vulnerability enables an unauthenticated remote attacker to execute arbitrary code with the privileges of the Exim user. This can lead to complete system compromise, especially when combined with other vulnerabilities to escalate privileges (NVD).

The primary mitigation is to upgrade Exim to version 4.92 or later. The vulnerability was fixed in this release through proper handling of header-length restrictions and continuation lines (Debian Tracker).

The vulnerability generated significant discussion in the security community, particularly regarding its exploitation techniques. Security researchers actively discussed the technical aspects of the vulnerability on the oss-security mailing list, seeking clarification about the exploitation methods (Openwall).