Friends — sharing: Dead.Letter vulnerability in Exim (CVE-2026-45185)

From cybersecurity: Exim patched a critical BDAT vulnerability affecting GnuTLS builds.
• What happened: a use-after-free in BDAT parsing when a client sends TLS close_notify then a plaintext byte.
• Affected: Exim 4.97–4.99.2 compiled with USE_GNUTLS=yes.
• Reported by: XBOW (Federico Kirschbaum), disclosure 1 May 2026.
• Mitigation: upgrade to Exim 4.99.3 — no reliable mitigations available.
Why it matters: potential remote code execution on mail servers.
How will you handle Exim upgrades in your infrastructure?
#cybersecurity #exim #GnuTLS #infosec
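
A fleet-triage check for the affected range and build condition stated above, added here as an example that is not part of the original post or of Exim itself: it parses `exim -bV` output and labels a host by version and TLS library. The sample output is constructed, and the function names and labels are this example's own.

```python
import re
import sys

# Affected range as stated in the post: Exim 4.97 through 4.99.2, GnuTLS builds.
FIRST_AFFECTED = (4, 97, 0)
LAST_AFFECTED = (4, 99, 2)

# Constructed sample of `exim -bV` output, not captured from a real host.
SAMPLE_BV = """\
Exim version 4.98.1 #2 built 12-Mar-2025 10:11:12
Support for: crypteq iconv() IPv6 GnuTLS DKIM DNSSEC PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch dnsdb
Configuration file is /etc/exim4/exim4.conf
"""


def parse_bv(text):
    """Return ((major, minor, patch), tls_library or None) from `exim -bV` text."""
    m = re.search(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    if not m:
        raise ValueError("no 'Exim version' line found")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    support = re.search(r"^Support for:(.*)$", text, re.M)
    words = support.group(1).split() if support else []
    tls = next((lib for lib in ("GnuTLS", "OpenSSL") if lib in words), None)
    return version, tls


def classify(text):
    """Map one host's `exim -bV` output to a triage label."""
    version, tls = parse_bv(text)
    if not FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "version-outside-affected-range"
    if tls == "GnuTLS":
        return "affected-upgrade-to-4.99.3"
    if tls is None:
        return "in-range-tls-library-unknown"  # verify the build by hand
    return "in-range-not-gnutls"


if __name__ == "__main__":
    # Usage: exim -bV | python3 check_exim.py   (falls back to the sample on a TTY)
    data = SAMPLE_BV if sys.stdin.isatty() else sys.stdin.read()
    print(classify(data))
```

Release candidates and distribution suffixes after the numeric version are ignored, so a distribution package that backports the fix without changing the version number still needs a changelog check.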

