9.8 Critical Alert: One-Byte Heap Corruption in Exim Exposes Global Mail Servers to Takeover

Exim’s GnuTLS path has a one-byte heap corruption bug. CVE-2026-45185 affects versions 4.97 through 4.99.2 and can reach allocator metadata. OpenSSL builds are unaffected, but GnuTLS servers need attention now. Upgrade to 4.99.3 and check exposed mail servers immediately.
Key points
- Exim’s GnuTLS path is vulnerable.
- A TLS close_notify plus BDAT byte corrupts freed heap metadata in versions 4.97-4.99.2.
- OpenSSL builds stay safe here.
- The bug needs almost no server-side setup and can reach allocator metadata on default mail servers.
- Patch to 4.99.3 and hunt GnuTLS builds.
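As an added example (not part of the original story), a small inventory check that classifies an Exim host from its `exim -bV` output using the version range and TLS-library distinction given above. It assumes the usual `exim -bV` layout ("Exim version X.Y[.Z] #N built ..." followed by "Support for:" and "Library version:" lines naming GnuTLS or OpenSSL); the sample outputs are constructed.

```python
import re
import subprocess

# Affected range and fixed release as stated in the advisory summary.
AFFECTED_MIN = (4, 97, 0)
AFFECTED_MAX = (4, 99, 2)
FIXED = (4, 99, 3)

# Constructed sample outputs in the assumed `exim -bV` layout.
SAMPLE_GNUTLS = """Exim version 4.98 #2 built 01-Jan-2026 00:00:00
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume DKIM DNSSEC
Library version: GnuTLS: Compile: 3.8.3 Runtime: 3.8.3
"""
SAMPLE_OPENSSL = """Exim version 4.98 #2 built 01-Jan-2026 00:00:00
Support for: crypteq iconv() IPv6 OpenSSL TLS_resume DKIM DNSSEC
Library version: OpenSSL: Compile: OpenSSL 3.0.13 Runtime: OpenSSL 3.0.13
"""
SAMPLE_FIXED = """Exim version 4.99.3 #1 built 01-Jan-2026 00:00:00
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume DKIM DNSSEC
"""


def parse_version(text):
    """Return (major, minor, patch) from the banner line, or None."""
    m = re.search(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def uses_gnutls(text):
    """True when the build reports GnuTLS as its TLS library."""
    return re.search(r"\bGnuTLS\b", text) is not None


def assess(text):
    """Classify a host as (status, reason) for CVE-2026-45185 triage."""
    v = parse_version(text)
    if v is None:
        return ("unknown", "could not parse Exim version")
    ver = ".".join(str(n) for n in v)
    if not uses_gnutls(text):
        return ("not affected", f"{ver} is not a GnuTLS build")
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return ("vulnerable", f"{ver} GnuTLS build; upgrade to 4.99.3")
    return ("not affected", f"{ver} GnuTLS build outside affected range")


if __name__ == "__main__":
    out = subprocess.run(["exim", "-bV"], capture_output=True, text=True).stdout
    print(assess(out))
```

Run it on each mail host (or feed it captured `exim -bV` text) to separate the GnuTLS builds that need the 4.99.3 upgrade from OpenSSL builds that do not.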
This is one of fifty stories I surfaced this week from Surface — a tiny slice of the full feed.
