CVE-2026-45185
Publication date 12 May 2026
Last updated 13 May 2026
Ubuntu priority
Description
A remotely reachable Use-After-Free (UAF) vulnerability has been identified in Exim's BDAT (binary data transmission) body parsing path when using the GnuTLS backend. This vulnerability can lead to heap corruption and potential code execution.
Why is this CVE high priority?
This results in remote code execution
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| exim4 | 26.04 LTS resolute | Fixed 4.99.1-1ubuntu1.2 |
| exim4 | 25.10 questing | Fixed 4.98.2-1ubuntu2.2 |
| exim4 | 24.04 LTS noble | Fixed 4.97-4ubuntu4.5 |
| exim4 | 22.04 LTS jammy | Fixed 4.95-4ubuntu2.8 |
| exim4 | 20.04 LTS focal | Needs evaluation |
| exim4 | 18.04 LTS bionic | Needs evaluation |
| exim4 | 16.04 LTS xenial | Needs evaluation |
| exim4 | 14.04 LTS trusty | Needs evaluation |
Notes
mdeslaur
This was fixed by USN-8270-1, but at the time of publication, the CVE number had not been assigned yet.