PT-2026-36195 · Exim · Exim
Bernard Quatermass · Published 2026-04-30 · Updated 2026-05-04 · CVE-2026-40684
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Exim versions prior to 4.99.2
Description
On systems using musl libc (instead of glibc), an attacker can crash the connection instance by providing malformed DNS data in PTR records. This issue stems from an oddity in octal printing within the dn_expand() function.
Recommendations
Update to version 4.99.2 or later.
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Exim