New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

nsamag May 12, 2026

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution — Ravie LakshmananMay 12, 2026Vulnerability / Email Security [https://blogger.

new-exim-bdat-vulnerability-exposes-gnutls-builds-to-potential-code-execution

What’s new: Exim has released security updates to address a severe use-after-free vulnerability, tracked as CVE-2026-45185 (Dead.Letter), affecting GnuTLS builds. This vulnerability can lead to memory corruption and potential code execution during BDAT message body handling when a TLS connection is established. The issue affects Exim versions from 4.97 to 4.99.2 that use GnuTLS.

Who’s affected

All Exim installations using GnuTLS (USE_GNUTLS=yes) from versions 4.97 to 4.99.2 are impacted. Builds using other TLS libraries, such as OpenSSL, are not affected.

What to do

  • Upgrade to Exim version 4.99.3 or later as soon as possible to mitigate the vulnerability.

Sources

Related Posts:

More Stories

nsauditor-ai-ee-0-3-9-pi15-dynamodb-api-gateway-plugin-rename

NSAuditor AI EE 0.3.9 — First Matrix Shift Since 0.3.7: New AWS DynamoDB Audit Integrity Plugin (1060) Moves SOC 2 PI1.5 Out-of-Scope → Partial; First Serverless Entry-Point Evidence Plugin (1050 AWS API Gateway); Plugin-ID Range Realignment Closes Silent CE/EE Collision

nsamag May 12, 2026
nsauditor-ai-ee-0-3-7-0-3-8-cloudtrail-soc2-cc72-cc73

NSAuditor AI EE 0.3.7 + 0.3.8 — Paired Release Closes the v0.4.0 Runtime Assurance Stack: New 040 AWS CloudTrail Operational Integrity Auditor Moves SOC 2 CC7.2 + CC7.3 Partial→Covered

nsamag May 12, 2026
nsauditor-ai-ee-0-3-6-soc2-iam-shadow-admin-evidence-integrity

NSAuditor AI EE 0.3.6 Ships — Full SOC 2 IAM Shadow-Admin Evidence-Integrity Sweep

nsamag May 11, 2026

You may have missed

new-exim-bdat-vulnerability-exposes-gnutls-builds-to-potential-code-execution

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

nsamag May 12, 2026
nsauditor-ai-ee-0-3-9-pi15-dynamodb-api-gateway-plugin-rename

NSAuditor AI EE 0.3.9 — First Matrix Shift Since 0.3.7: New AWS DynamoDB Audit Integrity Plugin (1060) Moves SOC 2 PI1.5 Out-of-Scope → Partial; First Serverless Entry-Point Evidence Plugin (1050 AWS API Gateway); Plugin-ID Range Realignment Closes Silent CE/EE Collision

nsamag May 12, 2026
nsauditor-ai-ee-0-3-7-0-3-8-cloudtrail-soc2-cc72-cc73

NSAuditor AI EE 0.3.7 + 0.3.8 — Paired Release Closes the v0.4.0 Runtime Assurance Stack: New 040 AWS CloudTrail Operational Integrity Auditor Moves SOC 2 CC7.2 + CC7.3 Partial→Covered

nsamag May 12, 2026
nsauditor-ai-ee-0-3-6-soc2-iam-shadow-admin-evidence-integrity

NSAuditor AI EE 0.3.6 Ships — Full SOC 2 IAM Shadow-Admin Evidence-Integrity Sweep

nsamag May 11, 2026
weekly-recap-linux-rootkit-macos-crypto-stealer-websocket-skimmers-and-more

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

nsamag May 11, 2026