CVE-2026-40684

Summary

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

Affected Software

VendorProductVersion RangeStatus
EximExim0 < 4.99.2affected

Weaknesses

  • CWE-684: CWE-684 Incorrect Provision of Specified Functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References