# CVE 2025-30232

## Details

A use-after-free is possible, with potential for privilege escalation.

The following conditions have to be met for being vulnerable:

- Exim Version
  - 4.96
  - 4.97
  - 4.98
  - 4.98.1
- Command-line access

Reproducible: Always

I found only a patch in the 4.98 branch, maybe because 4.97 EOL was 10 Jul 2024 (8 months ago):

https://code.exim.org/exim/exim/commits/branch/exim-4.98+fixes

https://code.exim.org/exim/exim/commit/4338bbe48a80dbfb7d75cbb8ac4789b02720f15e

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f99d3ec97d00fbf7938720e294e3a40b54e76a3

commit 1f99d3ec97d00fbf7938720e294e3a40b54e76a3
Author: Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2025-04-05 08:35:59 +0000
Commit: Fabian Groffen <grobian@gentoo.org>
CommitDate: 2025-04-05 08:37:35 +0000

mail-mta/exim-4.98.2: version bump (CVE-2025-30232)

Bug: https://bugs.gentoo.org/952139
Bug: https://bugs.gentoo.org/947916
Signed-off-by: Fabian Groffen <grobian@gentoo.org>

mail-mta/exim/Manifest | 2 ++
mail-mta/exim/{exim-4.98.ebuild => exim-4.98.2.ebuild} | 3 ++-
mail-mta/exim/files/exim-4.98-tidydb-crash.patch | 16 ++++++++++++++++
3 files changed, 20 insertions(+), 1 deletion(-)