CVE-2026-40684
MEDIUM 5.9
Description
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
CVE Details
CVSS v3.1 score: 5.9
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 4/30/2026
Last modified: 5/1/2026
Source: nvd
Honeypot sightings: 0
Affected products
exim:exim
Weaknesses (CWE)
CWE-684
References
https://exim.org/static/doc/security/CVE-2026-40684.txt (cve@mitre.org)
https://www.openwall.com/lists/oss-security/2026/04/30/21 (cve@mitre.org)
http://www.openwall.com/lists/oss-security/2026/05/01/11 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.