CVE-2026-40684

MEDIUM

Exim <4.99.2 - DoS

Title source: llm

Description

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

Scores

CVSS v3: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.0005
EPSS Percentile: 14.8%

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-684
Status: published
Products (1): Exim/Exim < 4.99.2
Published: Apr 30, 2026
Tracked Since: May 01, 2026