VYPR
Medium severity5.9NVD Advisory· Published Apr 30, 2026· Updated May 1, 2026

CVE-2026-40684

CVE-2026-40684

Description

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Exim/Exim2 versions
    cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*range: <4.99.2
    • (no CPE)range: <4.99.2

Patches

Vulnerability mechanics

References

5

News mentions

1