#21336 closed enhancement (fixed)
exim-4.98.2
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Contains a fix for CVE-2025-30232 - allowing for a potential privilege escalation.
Security advisory:
# CVE 2025-30232
## Timeline
- 2025/03/13 Report received
- 2025/03/18 ACK sent to reporter
- 2025/03/19 CVE assigned
- 2025/03/19 Distros heads-up mail, to <distros@vs.openwall.org> and <exim-maintainers@lists.exim.org>
- 2025/03/21 14:00 UTC Security Release available for (only) Distros
- 2025/03/25 14:00 UTC Public heads-up notification, to <exim-announce@lists.exim.org>
- 2025/03/26 14:00 UTC Published the changes on https://code.exim.org/exim/exim.git
## Details
A use-after-free is possible, with potential for privilege escalation.
The following conditions have to be met for being vulnerable:
- Exim Version
  - 4.96
  - 4.97
  - 4.98
  - 4.98.1
- Command-line access
## Acknowledgements
Thanks to Trend Micro for reporting this issue in a responsible manner.
- Ref: ZDI-CAN-26250
- Email: <zdi-disclosures@trendmicro.com>
Release notes:
Exim version 4.98.2
-------------------
This is a security release, addressing CVE-2025-30232
JH/01 Fix use-after-free notified by Trend Micro (ref: ZDI-CAN-26250).
      Null out debug_pretrigger_buf pointer before freeing the buffer;
      the use of this buffer by the storage management checks the pointer
      for non-null before using it.
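
The ordering described in JH/01, as an added example: a simplified model written for this page, not Exim source code. Only the name `debug_pretrigger_buf` comes from the release notes; the hook, the release routine and the free-then-clear "before" ordering are hypothetical stand-ins. It counts how often the non-null guard lets storage-management code reach a block that has already been freed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not Exim source. Only the name debug_pretrigger_buf
   comes from the release notes; every other name is hypothetical. */
static char *debug_pretrigger_buf = NULL;
static int buf_live = 0;    /* 1 while the heap block is allocated */
static int stale_uses = 0;  /* hook calls that reached a freed block */

/* Storage-management debug output: its only guard is the non-null check. */
static void store_debug_hook(const char *msg)
{
    if (!debug_pretrigger_buf) return;
    if (!buf_live) { stale_uses++; return; }  /* real code would write here */
    snprintf(debug_pretrigger_buf, 64, "%s", msg);
}

/* Release routine that emits debug output after freeing. */
static void store_release(char *p)
{
    free(p);
    buf_live = 0;
    store_debug_hook("block released");
}

/* Allocate the buffer, use it, then discard it in one of two orderings. */
static int discard(int null_first)
{
    char *buf = debug_pretrigger_buf = malloc(64);
    buf_live = buf != NULL;
    stale_uses = 0;
    store_debug_hook("pretrigger active");        /* normal use while live */
    if (null_first) debug_pretrigger_buf = NULL;  /* JH/01: clear before free */
    store_release(buf);
    debug_pretrigger_buf = NULL;  /* assumed pre-fix code cleared only here */
    return stale_uses;
}

int main(void)
{
    printf("free-then-null stale uses: %d\n", discard(0));
    printf("null-then-free stale uses: %d\n", discard(1));
    return 0;
}
```

The model never dereferences the freed block; it only records that the guard would have allowed it.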
Change History (3)
comment:1 by , 11 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 11 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |

Fixed at 9bd08bb480af40b32fead71d1ac14c65ea6f6d64
SA to come soon. I'm in the process of getting a batch of them ready but need to fix an issue in another package first.