Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
6DescriptionCVE.org
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
AnalysisAI
Denial of service in Exim before 4.99.2 on musl libc systems allows remote attackers to crash mail server connection instances by sending malformed DNS PTR records that trigger an octal printing bug in the dn_expand function. The vulnerability requires high network complexity to exploit but results in service unavailability for affected connections. No patch version confirmation available from provided references.
Technical ContextAI
Exim is a widely-deployed mail transfer agent (MTA) that processes incoming mail connections and performs DNS lookups, including reverse DNS (PTR) queries for sender verification. The vulnerability exists in how Exim handles DNS response parsing on systems using musl libc rather than glibc. The musl C library implements dn_expand (a DNS name decompression function) differently, and when processing malformed or maliciously crafted PTR records, an edge case in octal character printing causes memory corruption or buffer issues that crash the connection handler. CWE-684 (Incorrect Provision of Specified Functionality) indicates the root cause is improper handling of the DNS parsing output under musl-specific conditions.
RemediationAI
Upgrade Exim to version 4.99.2 or later, which corrects the octal printing handling in DNS response parsing. For systems unable to immediately patch, restrict inbound SMTP connections to trusted networks or implement rate-limiting on connection attempts to reduce the window for exploitation. Alternative mitigations include disabling PTR lookups in Exim's configuration (set 'host_lookup = no' in main config section) if not required for your mail policy, though this may impact sender verification and reputation checks. Organizations using Alpine Linux or musl-based Exim containers should prioritize patching through package manager updates or rebuilding container images with Exim 4.99.2. Monitor Exim logs for connection crashes and correlate with DNS lookup activity. Note: disabling PTR lookups may reduce security visibility; verify this aligns with your authentication and reputation framework before deploying.
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26442