Описание
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| exim4 | fixed | 4.98-4 | package | |
| exim4 | not-affected | bookworm | package | |
| exim4 | not-affected | bullseye | package |
Примечания
Debian binaries do not yet use sqlite for for the hints DB as of up to
Version at least 4.98-3.
Fixed by: https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305 (exim-4.98.1)
https://exim.org/static/doc/security/CVE-2025-26794.txt
EPSS
Связанные уязвимости
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
Уязвимость функций SQLite hints и ETRN serialization почтового сервера Exim, позволяющая нарушителю вызвать отказ в обслуживании
EPSS