NIXPKGS-2026-1548

GitHub issue published on

Permalink CVE-2026-45185

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 1 week, 5 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse ignored
2 references
- https://exim.org
- https://code.exim.org/exim/wiki/wiki/Ex…
1 week, 5 days ago
@LeSuisse accepted 1 week, 5 days ago
@LeSuisse published on GitHub 1 week, 5 days ago

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely …

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

References

Ignored references (2)

Affected products

Exim

<4.99.3

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.2
- nixpkgs-unstable 4.99.2
- nixos-unstable-small 4.99.2
nixos-25.11 4.99.2
- nixos-25.11-small 4.99.2
- nixpkgs-25.11-darwin 4.99.2

Package maintainers

@dasJ Janne Heß <janne@hess.ooo>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@4z3 Tomislav Viljetić <tv@krebsco.de>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1548

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers