2476831 – (CVE-2026-45185) CVE-2026-45185 exim: Exim: Arbitrary code execution via use-after-free in BDAT body parsing.

Bug 2476831 (CVE-2026-45185) - CVE-2026-45185 exim: Exim: Arbitrary code execution via use-after-free in BDAT body parsing.

Summary: CVE-2026-45185 exim: Exim: Arbitrary code execution via use-after-free in BDA...

Keywords:
Status:	NEW
Alias:	CVE-2026-45185
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2476994 2476995
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-12 21:03 UTC by OSIDB Bzimport
Modified:	2026-05-13 12:33 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-12 21:03:33 UTC

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

Note You need to log in before you can comment on or make changes to this bug.