Bernard Quatermass

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.99.2 **Description** On systems using musl libc (instead of glibc), an attacker can crash the connection instance by providing malformed DNS data in PTR records. This issue stems from an oddity in octal printing within the `dn expand()` function. **Recommendations** Update to version 4.99.2 or later.

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.99.2 **Description** An out-of-bounds heap write can occur when JSON lookup is enabled. This happens when a JSON operator encounters malformed JSON in an untrusted header due to an incorrect implementation of backslash skipping. **Recommendations** Update to version 4.99.2 or later. As a temporary workaround, disable the JSON lookup feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.99.2 **Description** An out-of-bounds read occurs when utf8 operators are enabled and malformed UTF-8 header data containing large UTF-8 trailing characters is processed. This may lead to the disclosure of information within an error message generated during the handling of an unrelated e-mail message. **Recommendations** Update to version 4.99.2 or later.

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.99.2 **Description** When the SPA authentication driver is used with an adversarial SPA resource, an out-of-bounds write can occur, leading to a crash of the connection instance. Additionally, erroneous data processing may result in the disclosure of data from uninitialized heap memory. **Recommendations** Update to version 4.99.2 or later.