Lucene search
K

69 matches found

AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.2 views

Astra Linux – Vulnerability in exim4

In versions of Exim prior to 4.99.3, and under certain GnuTLS configurations, there is a remotely reachable use-after-free in the BDAT body parsing path. This issue is triggered when a client sends a TLS closenotify message during a CHUNKING transfer, followed by a final cleartext byte on the sam...

9.8CVSS7.6AI score0.01225EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2026/05/19 4:26 p.m.267 views

Exploit for CVE-2026-45185

CVE-2026-45185 Nuclei Template Validation Lab This repository...

9.8CVSS6.1AI score0.01225EPSS
Exploits2
NCSC
NCSC
added 2026/05/15 12:8 p.m.16 views

The vulnerability was exploited in Exim.

The developers of Exim introduced a vulnerability in the Exim Mail Transfer Agent versions prior to 4.99.3. This vulnerability involves a use-after-free in the BDAT body parsing process, specifically when certain GnuTLS backend configurations are used. An unauthorized attacker can exploit this...

9.8CVSS6.4AI score0.01225EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2026/05/13 2:21 p.m.12 views

SUSE CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References3
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.11 views

Exim 4.99.2 Memory Corruption

A remotely reachable memory corruption issue was discovered in Exim's GnuTLS backend. The vulnerability is triggered during BDAT message body handling when a client sends a TLS closenotify alert before the body transfer is complete, and then follows up with a final byte in cleartext on the same T...

5.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/05/13 12:0 a.m.4 views

The vulnerability of the ungetc() function in the BDAT/CHUNKING component of the email server Exim, which allows a hacker to execute arbitrary code.

The vulnerability of the ungetc function in the BDAT/CHUNKING component of the email server Exim relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.8AI score0.01225EPSS
Exploits2References5Affected Software2
EUVD
EUVD
added 2026/05/12 9:31 p.m.22 views

EUVD-2026-29824

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8
NVD
NVD
added 2026/05/12 8:16 p.m.30 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS0.01225EPSS
Exploits2References8
OSV
OSV
added 2026/05/12 8:16 p.m.7 views

UBUNTU-CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References6
The Hacker News
The Hacker News
added 2026/05/12 4:44 p.m.17 views

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent MTA designed for Unix-like systems to receive, route, and deliver email. The...

9.8CVSS6.5AI score0.01225EPSS
Exploits2
OSV
OSV
added 2026/05/12 2:53 p.m.13 views

USN-8270-1 exim4 vulnerability

It was discovered that Exim incorrectly handled BDAT body parsing. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References2
AlpineLinux
AlpineLinux
added 2026/05/12 12:0 a.m.12 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/05/12 12:0 a.m.20 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8Affected Software1
CVE
CVE
added 2026/05/12 12:0 a.m.196 views

CVE-2026-45185

Exim (MTA) vulnerability CVE-2026-45185 is a use-after-free in the BDAT body parsing when using GnuTLS. Triggered by a TLS close_notify mid-body during a CHUNKING transfer followed by a final cleartext byte on the same TCP connection, it can cause heap corruption and potential arbitrary code exec...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8Affected Software1
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.82 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS0.01225EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-20510

Malware in sbrugna...

7.5CVSS7.8AI score0.61061EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-6781

Malware in sbrugna...

9.3CVSS7.7AI score0.01009EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.5 views

SUSE CVE-2017-16944

The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

7.5CVSS9.1AI score0.6332EPSS
Exploits7References6
OSV
OSV
added 2021/05/20 8:51 a.m.16 views

OPENSUSE-SU-2021:0754-1 Security update for exim

This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update boo1185631 CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28014: Arbitrary PID file creation CVE-2020-28011: Heap buffer overfl...

9.8CVSS8AI score0.82238EPSS
Exploits34References32
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/20 12:0 a.m.71 views

Security update for exim (critical)

openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0754-1 Rating: critical References: 1079832 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-280...

9.8CVSS8AI score0.82238EPSS
Exploits34References5
Rows per page
Query Builder