CVE-2025-26794
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-26794
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-26794.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-26794
- Downstream
- Related
- Published
- 2025-02-21T13:15:11Z
- Modified
- 2025-10-27T13:20:06.438025Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
- References
-
- https://bugzilla.suse.com/show_bug.cgi?id=1237424
- https://github.com/Exim/exim/wiki/EximSecurity
- https://github.com/NixOS/nixpkgs/pull/383926
- https://www.exim.org/static/doc/security/CVE-2025-26794.txt
- http://www.openwall.com/lists/oss-security/2025/02/19/1
- http://www.openwall.com/lists/oss-security/2025/02/21/4
- http://www.openwall.com/lists/oss-security/2025/02/21/5
- https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305
- https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d
- https://exim.org
Affected packages
Git / github.com/exim/exim
Database specific
vanir_signatures
[
{
"id": "CVE-2025-26794-1b903e08",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "148725867819182956936752134790832150134",
"length": 601.0
},
"target": {
"file": "src/src/hintsdb.h",
"function": "exim_dbdel"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-917c7987",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "46742830344892368133072186306296245629",
"length": 193.0
},
"target": {
"file": "src/src/hintsdb.h",
"function": "dbfn_bdb_error_callback"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-95f916f7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "243616656671836943472228510956278154711",
"length": 1225.0
},
"target": {
"file": "src/src/hintsdb.h",
"function": "exim_s_dbp"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-b237b29d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "268677398440697662868602003637066546428",
"length": 156.0
},
"target": {
"file": "src/src/hintsdb.h",
"function": "exim_dbput"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-c4a551b5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "155543135314952572835330634681981350513",
"length": 41440.0
},
"target": {
"file": "src/src/smtp_in.c",
"function": "smtp_setup_msg"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-d54f2d7f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "116611179865209628663186646761736053723",
"length": 569.0
},
"target": {
"file": "src/src/hintsdb.h",
"function": "exim_dbscan"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-de8ab846",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "207399069500151124187348379183959988181",
"length": 697.0
},
"target": {
"file": "src/src/hintsdb.h",
"function": "exim_dbget__"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-f2e12478",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"104333301718614520042237545660426404643",
"281731423918050686732776405612417320578",
"246197553116244389352886573696191116679",
"329076916876808955282561561399720326199",
"241540449516127146284402926913992959558",
"23533908735548036406741171948370759683",
"301802490306552575116350506887999212802",
"171475402526338015424612483969421728074",
"230113491624450043785875864402090207283"
],
"threshold": 0.9
},
"target": {
"file": "src/src/smtp_in.c"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-f5df6391",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "268716916991380916806278716212516305799",
"length": 586.0
},
"target": {
"file": "src/src/hintsdb.h",
"function": "exim_dbget"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
},
{
"id": "CVE-2025-26794-fe18b231",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"52396589401734542382053507881643025336",
"30592778057165639158060121747272894505",
"234816703873579015154379097889013194925",
"251040368330839147076851144325548589586",
"253577226119195957615012511959013675635",
"109948538359689708887442985505757609677",
"260695173232727043425344254927147877145",
"183910441549935237326162802155914335335",
"71469012066454875100930551494559915360",
"330421190631311305584860714179665547945",
"237404681945817859364866374267117012750",
"165929979266002255155601586386651558134",
"303596907777041612447411070987623505426",
"34090180628285621385418973125616938859",
"285144300372567138195227926148235370895",
"167356505111485993350372347461638865967",
"245714496636504360387222856992915780371",
"203398479408962313749657935392333501409",
"237165123797155276798951408031265301966",
"172941934701707913038148932837609558921",
"184055522004178465134396669156930617628",
"49960035801520753741384598499760289888",
"40021979572643414118019935001822461326",
"284092134854601965673214051284210989066",
"60684320033564259931898468425480947972",
"132715304486571614252410848775292088691",
"29505175544911374713003810375745106701",
"116137197462281877788218246269475729186",
"97942633288280532013768720239255984833",
"15034898805554144274959804448970913263",
"237898234256577791592890399287478164869",
"178438611174550804140085246815089821087",
"233432871044315922374280144382435205765",
"150302575770030933443359289206884327273",
"264183254873953537389029009320395061692",
"227571908833653646248275615555446617330",
"217565939343738691784322621015877424506",
"83339165692389101426215385506273662894",
"160056952348219886257912910023132542501",
"218903602182646613237819707430449550775",
"212782307502960295550751607361648589007",
"70797141627473479694621978222937280537",
"76621801870830128225150706569740800320",
"314752681095366098896523475362741877169",
"156505232663157204596573487346667575291",
"6569877431226688015661411394689619824",
"280988340915481011210675230954570261382",
"270941984860093107233872028151321114867",
"277263995925024413620792816875502689584",
"27852368437577753789351673477119441099",
"214543361455083577286344829271503272926",
"41072102195410977456533082723425123707",
"164543428412142313677565853532745919123",
"204571399585726099408053696901782533283",
"16560705647691062620259507294910694649",
"270956212438297396914457836451551441953",
"24404799785616015997152876536647568643",
"87717125244685467962395814173363442331",
"80960869231325002717540327062541405980",
"39695556201785887963457458808173529173",
"129858579354318955428716155349682202251",
"83672866384495541787612531948229856755",
"45906118438534099259836767321041929973",
"101622871777432527440731623580237391968",
"124804687437816938239857710372660679043",
"104912668646855798786405652287303132383",
"243739838942667357981512699797527749439",
"88936512222707275017703164677749153100",
"129623387308049263984620306026557870717",
"93887678542369807114233775967470463700",
"198443897222844370259279453079015474253",
"334654061642260202319807923748903537392",
"338149611422198553438538320774146939591",
"104294333971908097911445964976180707448",
"318503421912498842319889763871562789677",
"240717447618958341498049405742650070432",
"301854788402459223459106080173752797199",
"4037830267589998819968202503445699783",
"323580719537044971306243272056995093966",
"122051184911845959304021936451197079275",
"153631962093784438545646155035717757309",
"138650270927785714566887521554936354186",
"18936049144717039896429501378678438188",
"65394285566204643750080075951930590330",
"132555573298020927293938941481908527333",
"98777263417333087669578774013707556230",
"74926982975401181469763116735028913771",
"237964006862320778452215151061498262627",
"253561497534995099670152778115410996023",
"58715600761557472842159961145570092325",
"47083836768228165448537456301785344824",
"171707118303222258656746157287669864748",
"72930413502305656889812513219407593562",
"212579271635503021678151623511552840011",
"221239388655891558374799263886457038198",
"307429690108615951842123590091492123575",
"196023212663618175956138613848027558273",
"332148296962908343385664633248065862871",
"74217379322579283031838215269704654596",
"308367935819254540691944908043093995424",
"266577025820179814794165866548341268542",
"85899726300184466211028397520761722161",
"206710629455366842361764645232640010795",
"191957511377954541270680175384065402568",
"242854680955648067787396609284450360217",
"146348111830808409843641756154773689103",
"215620668153114375428985450005733041990",
"196684085563183266834605622375070084511",
"205468879262875687776430754286569349365",
"115287207919541292359805850132452882477",
"193138084500743498058579498334195890612",
"214341277484100410998199710037721717583",
"3341041674253977601642488083757113149",
"325050599645153118988377330281658088777",
"160056952348219886257912910023132542501",
"156719905327055860092507501442342504200",
"151392389803648272667963541287096439104",
"319774199810784059093070908364721202948",
"307766967172842514041238701966173902304",
"193367735923290453397761934955211104698",
"313662978610574407334606585004542778009",
"92777208971010065249357092583822822377",
"76587436968239693982312937229803603776",
"204673519934998135706191239481366705267",
"267046260506887739575144930160014343220",
"305819911070414919127004242253781199271",
"257159096783997622604749243329169728550",
"80164415938843454748877147479962877669",
"276909172254111370026004703031433691652",
"171842794924782106557044613897408685424",
"73179748004362134643338345770702779710",
"230807035834584931762343398066730630546",
"314504956270265522937223776279040548784",
"199991401241212840027943771317409656287",
"178319657540140571403604212021430145053",
"262092875198902294417509440801715014874",
"218154134632378106301796023832660116039",
"313359390069963511436438438357177232333",
"261006340388353202591625741436471887047",
"182735637483688215806212264774671633505",
"273249052672479293474946577783468124927",
"278942354362755557084989049306371290606",
"27080718682581886336710646905535418117",
"257513558021818883044676796643407755825",
"307386031830266497270806681173190670749",
"79322595645207828787312695845019957291",
"121596955936301461618533309849278381479",
"73290572711615186479402676014593631794",
"153156093751985832478059133045724475397",
"94455651549518115581045803931148761355",
"324408174513385963837512451752525750416",
"110784045061080552518212474633923541159",
"223722804512431996028422721713035988882",
"256646608163652674053135929613981872479",
"108009684736693329273552893866728021036",
"268086177219358621823367674676609238939",
"260986185217444165364076232949541055742",
"230676892902337614375922212520692700622",
"316178634150156914988497467569978734767",
"201709107646166637122886162297179362283",
"24356493300145283842163637878620764285",
"161706559742409212866451523523043717661",
"46022683955527035170531554291035172645",
"5328263376567291584488574305893856989",
"119251494605293685590849387184836743030",
"232890752161978066482447917167689725939",
"127962343256346573845377439646139977596",
"219508661760337179196707800118080991627",
"224860444937375957379379742678494313123",
"265026473512013665963662672450019881857",
"11878493355325042252048915424927645464",
"161656432597348655708213550118635499952",
"144951650559065126624115499695694419959",
"202239253040365968149782137564736566721",
"178603183006230096232156877485211064606",
"335272025162124787787142312395818303509",
"304256233195876278984097924502479731283"
],
"threshold": 0.9
},
"target": {
"file": "src/src/hintsdb.h"
},
"source": "https://github.com/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"
}
]