CVE-2026-45185
CriticalSummary
Exim versions before 4.99.3, in certain GnuTLS configurations, has a use-after-free vulnerability in the BDAT body parsing path. This can lead to heap corruption when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection.
Risk Assessment
An unauthenticated network attacker could exploit this vulnerability to execute arbitrary code, posing a serious security threat to the system.
Recommendation
It is recommended to update Exim to version 4.99.3 or newer to mitigate this vulnerability. Additionally, reviewing GnuTLS configurations for enhanced security is advisable.
Original NVD description (English source)
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

