CVE-2026-40684

Name: CVE-2026-40684
Description: In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                        Version            Status
exim4 (PTS)      bullseye                       4.94.2-7+deb11u3   vulnerable
                 bullseye (security)            4.94.2-7+deb11u4   vulnerable
                 bookworm, bookworm (security)  4.96-15+deb12u7    vulnerable
                 trixie                         4.98.2-1           vulnerable
                 forky, sid                     4.99.2-1           fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version   Urgency       Origin   Debian Bugs
exim4     source   (unstable)   4.99.2-1        unimportant

Notes

Fixed by: https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81
Debian builds exim4 with glibc, not musl, so the musl-specific crash described above does not apply to Debian's packages (hence the "unimportant" urgency).
