A corrective release of the mail server Exim 4.99.4 has been published to address a vulnerability that could potentially leak 16 uninitialized bytes from the stack of the handler process in the return IPv6 address information to the client in the SMTP Hello header. This vulnerability, identified as CVE-2026-48840, could be exploited to determine the memory layout in configurations with address randomization (ASLR).
The issue affects Exim versions 4.88 and above, specifically on systems using the hosts_proxy setting and Exim assemblies compiled with the SUPPORT_PROXY option. This option is enabled by default on distributions such as Debian, Ubuntu, RHEL EPEL, and Fedora. The vulnerability arises from a lack of proper frame size checking when processing requests using the PROXYv2 protocol.