Описание
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-26794
- https://github.com/NixOS/nixpkgs/pull/383926
- https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d
- https://bugzilla.suse.com/show_bug.cgi?id=1237424
- https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305
- https://exim.org
- https://github.com/Exim/exim/wiki/EximSecurity
- https://www.exim.org/static/doc/security/CVE-2025-26794.txt
- http://www.openwall.com/lists/oss-security/2025/02/19/1
- http://www.openwall.com/lists/oss-security/2025/02/21/4
- http://www.openwall.com/lists/oss-security/2025/02/21/5
Связанные уязвимости
CVSS3: 7.5
ubuntu
10 месяцев назад
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
CVSS3: 7.5
redhat
10 месяцев назад
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
CVSS3: 7.5
nvd
10 месяцев назад
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
CVSS3: 7.5
debian
10 месяцев назад
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are ...
CVSS3: 7.5
fstec
10 месяцев назад
Уязвимость функций SQLite hints и ETRN serialization почтового сервера Exim, позволяющая нарушителю вызвать отказ в обслуживании