CVE-2026-40684

MEDIUM

Exim < 4.99.2 - Denial of Service via Malformed DNS PTR Record

Title source: llm

Description

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

References (6)

Core 6

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2026/05/01/11

https://exim.org/static/doc/security/CVE-2025-40684.txt

https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81

https://www.openwall.com/lists/oss-security/2026/04/30/21

https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment

https://exim.org/static/doc/security/CVE-2026-40684.txt

Scores

CVSS v3 5.9

EPSS 0.0036

EPSS Percentile 27.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-684

Status published

Products (2)

Exim/Exim < 4.99.2

exim/exim < 4.99.2

Published Apr 30, 2026

Tracked Since May 01, 2026