CVE-2026-40684

· NIST NVD ↗

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

MEDIUM
CVSS severity
5.9
CVSS base score
2026-04-30
Published

CWE codes

CWE-684

Affected products

exim:exim

Sources