XBOW Discloses 'Dead.Letter' Use-After-Free in Exim's BDAT Path, CVSS 9.8 Pre-Auth RCE Against GnuTLS Builds 4.97 to 4.99.2
CVE-2026-45185, found by XBOW's Federico Kirschbaum and patched in Exim 4.99.3, lets an unauthenticated SMTP client corrupt the heap via a TLS close_notify during a CHUNKING transfer.