exploitDog

CVE-2025-26794

Published: 21 Feb 2025
Source: debian

Description

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

Packages

| Package | Status | Fixed version | Release | Type |
| --- | --- | --- | --- | --- |
| exim4 | fixed | 4.98-4 | | package |
| exim4 | not-affected | | bookworm | package |
| exim4 | not-affected | | bullseye | package |

Notes

  • Debian binaries do not yet use sqlite for the hints DB as of up to version at least 4.98-3.

  • Fixed by: https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305 (exim-4.98.1)

  • https://exim.org/static/doc/security/CVE-2025-26794.txt

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 1 year ago

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

CVSS3: 7.5
redhat
about 1 year ago

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

CVSS3: 7.5
nvd
about 1 year ago

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

CVSS3: 7.5
github
about 1 year ago

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.

CVSS3: 7.5
fstec
about 1 year ago

Vulnerability in the SQLite hints and ETRN serialization functions of the Exim mail server that allows an attacker to cause a denial of service