CVSS 4.8 · MEDIUM
CVE-2026-40687
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
Ver en NVDSeveridad
Puntaje: 4.8(MEDIUM)
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:LAV: NETWORK
AC: HIGH
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: NONE
A: LOW
Tipo de falla (CWE):
CWE-909EPSS
Probabilidad de explotación (próx. 30 días): 0.0008 (0.1%)
Percentil: 22.7%
EPSS: 2026-05-06
Afecta
exim:eximDescripción técnica
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
Publicada: 30/4/2026, 22:16:25
Última modificación: 1/5/2026, 19:17:51