New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Summary
Exim, a widely used open-source Mail Transfer Agent (MTA), has released security updates to fix a critical vulnerability. The issue, identified as CVE-2026-45185 and nicknamed "Dead.Letter," is a use-after-free flaw that can lead to memory corruption and potential code execution on affected systems.
IFF Assessment
This vulnerability allows attackers to achieve code execution, posing a direct threat to the integrity and security of mail servers.
Severity
The vulnerability is a use-after-free flaw leading to memory corruption and potential code execution, a severe impact. It can be exploited remotely without authentication, making it highly dangerous.
Defender Context
This critical vulnerability in Exim, a common mail server, means administrators must prioritize applying the latest security updates. Failure to do so could lead to compromised mail infrastructure, allowing attackers to gain control of servers and potentially intercept or manipulate email communications.
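Because the title singles out GnuTLS builds, the first triage question for an administrator is which TLS library each Exim binary was linked against and which version it reports. The following helper is an added example, not code from the advisory or the Exim project: it parses the text that the real `exim -bV` command prints (the version line and the "Support for:" feature list) and flags builds that use GnuTLS and are older than a fixed-version threshold. The sample output embedded below is constructed for offline use, and FIXED_VERSION is a placeholder because this advisory does not state affected or fixed versions; fill it in from the vendor release notes.

```python
"""Triage helper: classify an Exim build from `exim -bV` output.

Added example, not part of the advisory. Parses the version line and the
"Support for:" line that `exim -bV` prints, reports whether the binary was
built against GnuTLS or OpenSSL, and compares the version against a
fixed-version threshold supplied by the operator.
"""
import re
import subprocess

# PLACEHOLDER: the advisory gives no version numbers; set this from the
# vendor release notes before relying on the comparison.
FIXED_VERSION = "X.YY"

# Constructed sample of `exim -bV` output (abridged); not captured from a real host.
SAMPLE_BV_OUTPUT = """\
Exim version 4.96 #2 built 25-Aug-2022 17:35:41
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR PROXY SOCKS SPF TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Configuration file is /etc/exim4/exim4.conf
"""


def parse_version(text):
    """Return the dotted version from the 'Exim version ...' line, or None."""
    m = re.search(r"^Exim version (\d+(?:\.\d+)+)", text, re.M)
    return m.group(1) if m else None


def tls_library(text):
    """Return 'GnuTLS', 'OpenSSL' or None, based on the 'Support for:' feature list."""
    m = re.search(r"^Support for:(.*)$", text, re.M)
    if not m:
        return None
    features = m.group(1).split()
    if "GnuTLS" in features:
        return "GnuTLS"
    if "OpenSSL" in features:
        return "OpenSSL"
    return None


def version_tuple(v):
    """'4.96' -> (4, 96); raises ValueError for the unfilled placeholder."""
    return tuple(int(p) for p in v.split("."))


def assess(text, fixed_version=FIXED_VERSION):
    """Summarise one build. An unknown version or an unfilled threshold is
    reported as 'review', never as 'safe'."""
    version = parse_version(text)
    lib = tls_library(text)
    if version is None:
        older = None
    else:
        try:
            older = version_tuple(version) < version_tuple(fixed_version)
        except ValueError:
            older = None  # placeholder threshold not replaced yet
    return {
        "version": version,
        "tls": lib,
        "older_than_fixed": older,
        # Only GnuTLS builds are in scope for this advisory's title; a build
        # that is demonstrably at or past the fixed version is cleared.
        "needs_review": lib == "GnuTLS" and older is not False,
    }


def assess_local_host():
    """Run the real `exim -bV` on this host and assess its output."""
    out = subprocess.run(["exim", "-bV"], capture_output=True, text=True, check=True).stdout
    return assess(out)


if __name__ == "__main__":
    try:
        print(assess_local_host())
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("exim not found on this host; assessing the constructed sample instead")
        print(assess(SAMPLE_BV_OUTPUT))
```

Run it on each mail server (or feed it saved `exim -bV` output collected by your configuration-management tool) to build the list of GnuTLS-linked hosts to patch first; OpenSSL builds are reported but not flagged, and the script deliberately errs toward "review" whenever the version or threshold is unknown.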