{"uuid": "1f150b5f-d6d1-40b6-94cc-7bd855a097ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "[exim-announce] Exim 4.99.2 Released (security release)", "description": "https://lists.exim.org/lurker/message/20260429.121733.f58d9686.en.html\n\nAuthor: Bernard Quatermass via Exim-announce\nDate: 2026-04-29 14:17 +200\nTo: Exim Announcements\nCC: Bernard Quatermass\nSubject: [exim-announce] Exim 4.99.2 Released (security release)\nDear Exim users and maintainers,\n\n\nwe are pleased to announce the availability of release 4.99.2 of Exim.\n\nThis is a security release.\n\nIt fixes the following vulnerabilities.\n\nCVE-2026-40684     Possible crash with malicious DNS data when using musl libc\n\n   On systems using musl libc (not glibc) due to an oddity in octal printing\n   it is possible to crash the connection instance when malformed DNS data\n   is present in PTR records.\n\nCVE-2026-40685     Possible OOB read/write on corrupt JSON in header\n\n   configurations using json operators on invalid externally-provided input\n   could trigger heap corruption.\n\nCVE-2026-40686     Possible OOB read with large UTF8 trailing characters\n\n   configurations using utf8 operators on malformed utf8 in headers could\n   trigger OOB reads and might trigger some data leak if error\n   messages are required for subsequent emails in the current connection\n   and similar malformed headers are present.\n\nCVE-2026-40687     Possible OOB read/write with SPA authenticator\n\n   in configurations using the SPA authentication driver to a hostile/compromised\n   external SPA/NTLM connection it is possible to trigger an OOB read/write\n   and crash the connection instance or possibly leak heap data to the instance.\n\nOlder Exim versions may or may not be vulnerable but are not actively maintained.\n\n\nWe would like to thank the thousands of unnamed and uncredited authors whose\nworks were ingested into the slopbots to \"assist\" in the reports for 
these vulnerabilities.\n\n\n\nExim 4.99.2 is available:\n\n  * as tarball\n    * https://ftp.exim.org/pub/exim/exim4/\n    * https://code.exim.org/exim/exim/releases\n\n  * directly from Git: https://code.exim.org/exim/exim\n    tag: exim-4.99.2\n\n\nThe signatures on the release tarballs should be\n\n  *  key ID 0xBCE58C8CE41F32DF\n     Email: jgh@???\n\n\n\n-- \nBernard Quatermass", "creation_timestamp": "2026-05-02T04:40:22.033572+00:00", "timestamp": "2026-05-02T04:40:22.033572+00:00", "related_vulnerabilities": ["CVE-2026-40685", "CVE-2026-40686", "CVE-2026-40687", "CVE-2026-40684"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}
