{"id":"CVE-2016-9963","details":"Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.","modified":"2026-06-18T03:57:06.990611608Z","published":"2017-02-01T15:59:00.270Z","related":["openSUSE-SU-2024:10746-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"canonical:ubuntu_linux","cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.04"},{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"16.10"}],"source":"CPE_STRING"},{"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_STRING"}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3747"},{"type":"ADVISORY","url":"http://www.exim.org/static/doc/CVE-2016-9963.txt"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94947"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037484"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3164-1"},{"type":"REPORT","url":"https://bugs.exim.org/show_bug.cgi?id=1996"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exim/exim","events":[{"introduced":"0"},{"last_affected":"74d8288d7a8fa83989968647149ae47ba10194f8"}],"database_specific":{"cpe":"cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"4.87"}],"source":"CPE_RANGE"}}],"versions":["exim-4_87","exim-4_87_RC7","exim-4_87_RC6","exim-4_87_RC5","exim-4_87_RC4","exim-4_84","exim-4_86","exim-4_85","exim-4_87_RC3","exim-4_87_RC2","exim-4_87_RC1","exim-4_86_RC5","exim-4_86_RC4","exim-4_86_RC3","exim-4_86_RC2","exim-4_86_RC1","exim-4_85_RC4","exim-4_85_RC3","exim-4_85_RC2","exim-4_85_RC1","exim-4_84_RC2","exim-4_84_RC1","exim-4_83","exim-4_83_RC3","exim-4_83_RC2","exim-4_83_RC1","exim-4_82","exim-4_82_RC5","exim-4_82_RC4","exim-4_82_RC3","exim-4_82_RC2","exim-4_82_RC1","exim-4_80","exim-4_80_RC7","exim-4_80_RC6","exim-4_80_RC5","exim-4_80_RC4","exim-4_80_RC3","exim-4_80_RC2","exim-4_80_RC1","exim-4_77","exim-4_77_RC4","exim-4_77_RC3","exim-4_77_RC2","exim-4_77_RC1","exim-4_76","exim-4_76_RC2","exim-4_76_RC1","exim-4_75","exim-4_75_RC3","exim-4_75_RC2","exim-4_75_RC1","exim-4_74","exim-4_74_RC1","exim-4_73","exim-4_73_RC1","exim-4_73_RC00","exim-4_72","exim-4_72_RC2","exim-4_72_RC1","exim-4_71","exim-4_70","exim-4_70_RC4","exim-4_70_RC3","DEVEL_PDKIM_START","exim-4_69","exim-4_68","exim-4_67","exim-4_66","exim-4_65","exim-4_64","exim-4_63","exim-4_62","exim-4_61","exim-4_54","exim-4_53","exim-4_52","exim-4_51","exim-4_50"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9963.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}