TROYANOSYVIRUS
Volver a CVEs

CVE-2026-40684

MEDIUM
5.9

Descripcion

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

Detalles CVE

Puntuacion CVSS v3.15.9
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/30/2026
Ultima modificacion5/1/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

exim:exim

Debilidades (CWE)

CWE-684

Referencias

https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81(cve@mitre.org)
https://exim.org/static/doc/security/CVE-2026-40684.txt(cve@mitre.org)
https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2026/04/30/21(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2026/05/01/11(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.