Lucene search
K

9 matches found

AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.2 views

Astra Linux – Vulnerability in exim4

In versions of Exim prior to 4.99.3, and in certain GnuTLS configurations, there is a remotely reachable use-after-free in the BDAT body parsing path. This issue is triggered when a client sends a TLS closenotify message during a CHUNKING transfer, followed by a final cleartext byte on the same T...

9.8CVSS7.8AI score0.01225EPSS
Exploits2References3
NCSC
NCSC
added 2026/05/15 12:8 p.m.16 views

The vulnerability was exploited in Exim.

The developers of Exim introduced a vulnerability in the Exim Mail Transfer Agent versions prior to 4.99.3. This vulnerability involves a use-after-free in the BDAT body parsing process, specifically when certain GnuTLS backend configurations are used. An unauthorized attacker can exploit this...

9.8CVSS6.4AI score0.01225EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2026/05/13 2:21 p.m.11 views

SUSE CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References3
EUVD
EUVD
added 2026/05/12 9:31 p.m.21 views

EUVD-2026-29824

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8
OSV
OSV
added 2026/05/12 2:53 p.m.12 views

USN-8270-1 exim4 vulnerability

It was discovered that Exim incorrectly handled BDAT body parsing. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References2
AlpineLinux
AlpineLinux
added 2026/05/12 12:0 a.m.12 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.71 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS0.01225EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/05/12 12:0 a.m.19 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8Affected Software1
CVE
CVE
added 2026/05/12 12:0 a.m.189 views

CVE-2026-45185

Exim (MTA) vulnerability CVE-2026-45185 is a use-after-free in the BDAT body parsing when using GnuTLS. Triggered by a TLS close_notify mid-body during a CHUNKING transfer followed by a final cleartext byte on the same TCP connection, it can cause heap corruption and potential arbitrary code exec...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8Affected Software1
Rows per page
Query Builder