Nixpkgs security tracker

Permalink CVE-2026-45185

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 1 week, 5 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse ignored
2 references
- https://exim.org
- https://code.exim.org/exim/wiki/wiki/Ex…
1 week, 5 days ago
@LeSuisse accepted 1 week, 5 days ago
@LeSuisse published on GitHub 1 week, 5 days ago

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely …

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

References

Ignored references (2)

Affected products

Exim

<4.99.3

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.2
- nixpkgs-unstable 4.99.2
- nixos-unstable-small 4.99.2
nixos-25.11 4.99.2
- nixos-25.11-small 4.99.2
- nixpkgs-25.11-darwin 4.99.2

Package maintainers

@dasJ Janne Heß <janne@hess.ooo>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@4z3 Tomislav Viljetić <tv@krebsco.de>

Permalink CVE-2026-40684

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 weeks, 2 days ago by @LeSuisse Activity log

Created suggestion 3 weeks, 3 days ago
@LeSuisse ignored
4 maintainers
- @4z3
- @dasJ
- @Conni2461
- @helsinki-Jo
3 weeks, 2 days ago maintainer.ignore
@LeSuisse accepted 3 weeks, 2 days ago
@LeSuisse published on GitHub 3 weeks, 2 days ago

In Exim before 4.99.2, on systems using musl libc (not …

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

Ignored maintainers (4)

@4z3 Tomislav Viljetić <tv@krebsco.de>
@dasJ Janne Heß <janne@hess.ooo>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>

Permalink CVE-2026-40685

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): High (H)

updated 3 weeks, 2 days ago by @LeSuisse Activity log

Created suggestion 3 weeks, 3 days ago
@LeSuisse ignored
4 maintainers
- @4z3
- @dasJ
- @Conni2461
- @helsinki-Jo
3 weeks, 2 days ago maintainer.ignore
@LeSuisse accepted 3 weeks, 2 days ago
@LeSuisse published on GitHub 3 weeks, 2 days ago

In Exim before 4.99.2, when JSON lookup is enabled, an …

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

Ignored maintainers (4)

@4z3 Tomislav Viljetić <tv@krebsco.de>
@dasJ Janne Heß <janne@hess.ooo>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>

Permalink CVE-2026-40686

3.7 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 3 weeks, 2 days ago by @LeSuisse Activity log

Created suggestion 3 weeks, 3 days ago
@LeSuisse ignored
4 maintainers
- @4z3
- @Conni2461
- @dasJ
- @helsinki-Jo
3 weeks, 2 days ago maintainer.ignore
@LeSuisse accepted 3 weeks, 2 days ago
@LeSuisse published on GitHub 3 weeks, 2 days ago

In Exim before 4.99.2, when utf8 operators are enabled, there …

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

Ignored maintainers (4)

@4z3 Tomislav Viljetić <tv@krebsco.de>
@dasJ Janne Heß <janne@hess.ooo>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>

Permalink CVE-2026-40687

4.8 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 3 weeks, 2 days ago by @LeSuisse Activity log

Created suggestion 3 weeks, 3 days ago
@LeSuisse ignored
4 maintainers
- @4z3
- @Conni2461
- @dasJ
- @helsinki-Jo
3 weeks, 2 days ago maintainer.ignore
@LeSuisse accepted 3 weeks, 2 days ago
@LeSuisse published on GitHub 3 weeks, 2 days ago

In Exim before 4.99.2, when the SPA authentication driver is …

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

Ignored maintainers (4)

@4z3 Tomislav Viljetić <tv@krebsco.de>
@dasJ Janne Heß <janne@hess.ooo>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers