Exim Out-of-Bounds Write Vulnerability in SPA Authentication Driver

Vulnerability

A vulnerability in Exim versions prior to 4.99.2 allows for an out-of-bounds write when the SPA authentication driver is used with a malicious SPA resource. This can lead to a crash of the connection instance or cause erroneous data processing that exposes information from uninitialized heap memory.

Impact

Exploitation of this vulnerability can cause a remote-triggered crash of the connection process, not the daemon, and may result in unauthorized information disclosure from heap memory.

Remediation

Users can upgrade to Exim version 4.99.2, available as a tarball from the Exim FTP site or directly from Git. Instructions for verifying the release signature are also provided.
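As an added defender-side check (example code written for this page, not Exim project code), the helper below decides whether a host falls within the advisory's scope: it parses the version line from `exim -bV` output, compares it against the fixed release 4.99.2, and scans the Exim configuration text for an authenticator using `driver = spa`. Both the `-bV` output and the configuration snippet used in the demo are constructed samples; the output format is assumed to start with "Exim version X.Y".

```python
import re
from typing import Optional, Tuple

# First release carrying the fix for the SPA out-of-bounds write (from the advisory).
FIXED_VERSION: Tuple[int, int, int] = (4, 99, 2)


def parse_exim_version(bv_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `exim -bV` output.

    Assumes the first line looks like "Exim version 4.98 #2 built ..."; a
    missing patch component is treated as 0 so 4.98 sorts before 4.98.1.
    """
    m = re.search(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?", bv_output)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(version: Tuple[int, int, int]) -> bool:
    """True when the running version predates the fixed release."""
    return version < FIXED_VERSION


def uses_spa_driver(config_text: str) -> bool:
    """Scan configuration text for an authenticator with `driver = spa`.

    Comments after '#' are stripped so a commented-out driver line does not
    count as enabled.
    """
    for line in config_text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if re.fullmatch(r"driver\s*=\s*spa", stripped):
            return True
    return False


def assess(bv_output: str, config_text: str) -> str:
    """Combine both signals into a short triage verdict."""
    version = parse_exim_version(bv_output)
    if version is None:
        return "unknown: could not parse Exim version"
    if not is_vulnerable_version(version):
        return "not affected: version %d.%d.%d is at or above 4.99.2" % version
    if uses_spa_driver(config_text):
        return "affected: vulnerable version with SPA authenticator configured"
    return "vulnerable version, SPA driver not configured: upgrade recommended"


if __name__ == "__main__":
    # Constructed sample output and configuration, not captured from a real host.
    sample_bv = "Exim version 4.98 #2 built 01-Jan-2025 12:00:00\n"
    sample_config = """
begin authenticators

spa_login:
  driver = spa
  public_name = NTLM
  server_password = ${lookup{$auth1}lsearch{/etc/exim/spa_users}{$value}fail}
"""
    print(assess(sample_bv, sample_config))
```

Run `exim -bV` and feed its output together with the contents of the active configuration file to `assess()`; a host that reports a version below 4.99.2 and has an SPA authenticator block is the one to prioritise for the upgrade described above.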

Added: Apr 30, 2026, 10:24 PM
Updated: Apr 30, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm

  spread          2.2
  impact          1.3
  exploitability  7.5
  remediation     7.7
  relevance       6.7
  threat          3.2
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.