Exim Out-of-Bounds Heap Write Vulnerability in JSON Lookup

Vulnerability

A vulnerability in Exim versions prior to 4.99.2 allows an out-of-bounds heap write when JSON lookup is enabled. The issue arises from an incorrect implementation of JSON string unescaping: when a JSON operator processes malformed JSON taken from an untrusted message header, the faulty unescaping routine writes past the end of its heap buffer, corrupting the heap.

Impact

Exploitation of this vulnerability can cause remote-triggered heap corruption, potentially leading to arbitrary code execution.

Reproduction

To reproduce this vulnerability, configure Exim to use JSON lookup with operators that can process external input. Then, send an email with a header that includes crafted JSON data, deliberately malformed to exploit the unescaping flaw. This will trigger the out-of-bounds write, corrupting the heap.

Remediation

Users can upgrade to Exim version 4.99.2, available as a tarball from the Exim FTP server or directly from Git. Instructions for verifying the release signature are also provided.
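A quick way to triage a fleet against this advisory is to inspect what `exim -bV` reports: the version line and the "Lookups" line that lists the lookup types compiled in. The script below is an added example, not part of the advisory or of Exim itself; it assumes the `-bV` output format shown in the constructed sample (version on the first line, lookups on a line starting with "Lookups"). A built-in json lookup is only a necessary condition: whether the running configuration actually applies JSON operators to header data is a separate review of the config.

```shell
#!/bin/sh
# Decide from `exim -bV` output whether a host is in the affected set:
# Exim older than 4.99.2 with the json lookup compiled in.
# Output format is assumed from typical -bV text; sample data below is constructed.

# Return 0 if VERSION (e.g. "4.98" or "4.99.1") is older than 4.99.2, else 1.
version_before_4_99_2() {
    echo "$1" | awk -F. '{
        a = $1 + 0; b = $2 + 0; c = $3 + 0;   # missing patch level counts as 0
        if (a < 4 || (a == 4 && (b < 99 || (b == 99 && c < 2)))) exit 0;
        exit 1
    }'
}

# Return 0 if the "Lookups" line of the -bV output lists json as a whole word.
json_lookup_builtin() {
    printf '%s\n' "$1" | grep -i '^Lookups' | grep -qw json
}

# Extract the version number from "Exim version X.YY.Z #N built ..." (first match).
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# 0 = affected (old version AND json lookup built in), 1 = not affected or unknown.
exim_json_affected() {
    v=$(exim_version_from_bv "$1")
    [ -n "$v" ] || return 1
    version_before_4_99_2 "$v" && json_lookup_builtin "$1"
}

# Constructed samples of trimmed `exim -bV` output; not captured from real hosts.
SAMPLE_OLD='Exim version 4.98 #2 built 01-Jan-2025 00:00:00
Support for: crypteq iconv() IPv6 DKIM DNSSEC
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb json'

SAMPLE_FIXED='Exim version 4.99.2 #1 built 01-May-2026 00:00:00
Lookups (built-in): lsearch wildlsearch nwildlsearch json'

# On a real host replace the sample with: exim_json_affected "$(exim -bV)"
if exim_json_affected "$SAMPLE_OLD"; then echo "sample old build: affected, upgrade to 4.99.2"; fi
if exim_json_affected "$SAMPLE_FIXED"; then :; else echo "sample fixed build: not affected"; fi
```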

Added: Apr 30, 2026, 10:25 PM
Updated: Apr 30, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm

  category        score
  spread          2.2
  impact          7.5
  exploitability  8.0
  remediation     7.7
  relevance       7.1
  threat          4.8
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.