Updated: 2025-12-28 03:23:03.104804
Description:
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | exim | 4.98 | 9.8 | CRITICAL | In Testing | | 2026-01-13 21:05:29 | |
| Alpine Linux 3.18 ELS | exim | 4.96.2 | 9.8 | CRITICAL | Not Vulnerable | | 2026-02-09 10:36:56 | |
| CentOS 6 ELS | exim | 4.92.3 | 9.8 | CRITICAL | Not Vulnerable | | 2025-12-30 21:17:00 | |
| CentOS 7 ELS | exim | 4.97.1 | 9.8 | CRITICAL | Not Vulnerable | | 2025-12-30 21:17:01 | |
| CentOS 8.4 ELS | exim | 4.94.2 | 9.8 | CRITICAL | Not Vulnerable | | 2026-01-04 15:15:34 | |
| CentOS 8.5 ELS | exim | 4.94.2 | 9.8 | CRITICAL | Not Vulnerable | | 2026-01-04 15:15:34 | |
| Oracle Linux 6 ELS | exim | 4.92.3 | 9.8 | CRITICAL | Not Vulnerable | | 2025-12-30 21:16:59 | |
| TuxCare 9.6 ESU | exim | 4.99 | 9.8 | CRITICAL | Not Vulnerable | | 2025-12-30 21:16:56 | |
| Ubuntu 16.04 ELS | exim | 4.86.2 | 9.8 | CRITICAL | Not Vulnerable | | 2025-12-29 17:03:33 | |
| Ubuntu 18.04 ELS | exim | 4.90.1 | 9.8 | CRITICAL | Not Vulnerable | | 2025-12-29 17:03:30 | |