Upstream information
Description
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
SUSE Bugzilla entry: 1263677 [NEW]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Wed Apr 29 16:00:22 2026
CVE page last modified: Fri May 1 11:30:02 2026