CVE-2026-40684
Status: Received - Intake
Exim Mail Server DNS PTR Record Handling Denial of Service

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: MITRE

Description
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
Meta Information
Generated: 2026-05-07
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
1 associated CPE
Vendor: exim
Product: exim
Version / Range: all versions before 4.99.2 (4.99.2 itself is not affected)
CWE
CWE-684 (Incorrect Provision of Specified Functionality): The code does not function according to its published specifications, potentially leading to incorrect usage.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects Exim versions before 4.99.2 when the Exim binary is linked against musl libc rather than glibc. When Exim resolves a PTR (reverse DNS) record and the answer contains malformed data, a difference in how musl's dn_expand handles octal printing of the decoded name causes the Exim process handling that connection to crash. Builds against glibc do not exhibit the problem.


How can this vulnerability impact me? :

An attacker who controls the PTR record that Exim looks up, in practice the reverse DNS of an address that connects to the server, can crash the Exim process handling that connection, which is the denial of service. Two caveats matter for scoping the impact. First, the malformed data does not travel over SMTP; it arrives in the DNS answer when Exim performs the reverse lookup, so SMTP-layer filtering does not see it. Second, Exim handles each inbound SMTP connection in its own child process, so the "connection instance" in the description is that child: the listening daemon is not described as affected, and the direct effect is on the session that triggered the lookup rather than on all mail delivery.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability requires Exim to be built against musl libc (for example in Alpine-based images) and a PTR answer containing malformed data to be returned during a reverse lookup, typically of a connecting client's address. Detection therefore has two parts: confirming whether a given Exim binary is in scope (version before 4.99.2 and linked against musl), and watching for the resulting crashes.

To check the Exim version and the libc it is linked against:

  • exim -bV (the first line reports the Exim version)
  • ldd $(command -v exim) (on a musl system the loader appears as /lib/ld-musl-<arch>.so.1; on glibc you see libc.so.6)
  • ldd --version (prints "musl libc" on musl and "ldd (GNU libc)" on glibc)

Exploitation leaves little to see on the SMTP side, because the malformed data is in the DNS response rather than in the SMTP session. Watch instead for Exim connection processes terminating abnormally (kernel segfault messages in dmesg or the journal, or supervisor restart logs) that correlate with connections from particular client addresses, and, if you capture resolver traffic, for PTR answers that fail to parse.
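An added triage helper that applies the checks above (example code, not part of the advisory or of the Exim project). It assumes `exim -bV` begins with a line of the form `Exim version X.Y.Z ...` and that `ldd` on a musl-linked binary lists the `ld-musl-<arch>.so.1` loader; the sample outputs at the bottom are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added triage helper for CVE-2026-40684 (example code, not from the Exim project).
# Assumptions: `exim -bV` starts with "Exim version X.Y.Z ..." and `ldd` on a
# musl-linked binary lists the ld-musl-<arch>.so.1 loader.

FIXED_VERSION="4.99.2"

# version_lt A B: succeed (0) when dot-separated version A sorts before B.
# Written in awk so it also works on busybox hosts, where sort -V may be absent.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# exim_version_from_bv TEXT: print the version number found in `exim -bV` output.
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# libc_is_musl TEXT: succeed when ldd output names the musl loader.
libc_is_musl() {
    printf '%s\n' "$1" | grep -q 'ld-musl'
}

# assess BV_OUTPUT LDD_OUTPUT: print a verdict and return 0 = affected,
# 1 = not affected, 2 = could not determine.
assess() {
    ver=$(exim_version_from_bv "$1")
    if [ -z "$ver" ]; then
        echo "undetermined: could not parse Exim version"
        return 2
    fi
    if ! libc_is_musl "$2"; then
        echo "not affected: Exim $ver is not linked against musl"
        return 1
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "AFFECTED: Exim $ver on musl; upgrade to $FIXED_VERSION or later"
        return 0
    fi
    echo "not affected: Exim $ver on musl is at or above $FIXED_VERSION"
    return 1
}

# Run against the live host when exim is installed; otherwise demonstrate with
# constructed sample output resembling a vulnerable Alpine-style host.
if command -v exim >/dev/null 2>&1; then
    assess "$(exim -bV 2>/dev/null)" "$(ldd "$(command -v exim)" 2>/dev/null)" || true
else
    SAMPLE_BV="Exim version 4.99.1 #2 built 01-Apr-2026 10:00:00"   # constructed
    SAMPLE_LDD="    /lib/ld-musl-x86_64.so.1 (0x7f0000000000)"       # constructed
    assess "$SAMPLE_BV" "$SAMPLE_LDD" || true
fi
```

The exit status of `assess` is meant for fleet scripts: a 0 from a host means it needs the upgrade, 1 means it is out of scope for this issue, and 2 means the version could not be read and the host needs a manual look.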


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Check whether your Exim binary is linked against musl libc (Alpine-based containers and similar distributions); installations on glibc are not affected by this issue.
  • If it is, upgrade to Exim 4.99.2 or later, where the issue is fixed. For container images, rebuild from a base that ships the fixed package rather than patching in place.
  • If you cannot upgrade immediately, reduce Exim's exposure to attacker-controlled PTR data. The malformed record is fetched by Exim's own reverse lookup of a connecting address, so "filtering" it at the network edge is not practical; what you can control is whether Exim performs that lookup at all (its host_lookup main option, plus any ACL conditions or expansions such as verify = reverse_host_lookup or $sender_host_name that force one), at the cost of losing the client host name for logging and host-name based policy while the workaround is in place.
  • Monitor for Exim connection processes terminating abnormally and for repeated connections from the same addresses immediately before such terminations, and review resolver logs for PTR answers that fail to parse.
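An added configuration fragment (example, not from the advisory or the Exim project) showing the reverse-lookup setting the workaround above refers to. It assumes your configuration derives from Exim's default configure file, where host_lookup is set to `*`; the setting below disables reverse lookups for all clients until the fixed version is deployed.

```text
# Exim main configuration section (added example, not the Exim project's own file).
# The default configure file reverse-looks-up every connecting client, which is
# the path by which malformed PTR data reaches the affected code on musl builds:
#
#   host_lookup = *
#
# Temporary workaround until Exim 4.99.2 is installed: an empty host list means
# no client is reverse-looked-up. $sender_host_name is then empty, so host-name
# based ACL conditions and log lines lose that information while this is in place.
host_lookup =
```

This only removes the lookups that host_lookup itself triggers. An ACL that uses verify = reverse_host_lookup, expands $sender_host_name, or matches host names in a host list still forces a reverse lookup, so audit the ACLs for those constructs as part of the same change, and revert the setting once the upgrade is done.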
