CVE-2025-30232 - log

CVE-2025-30232 edited at 26 Mar 2025 19:18:05
Description
- A use-after-free is possible, with potential for privilege escalation.
+ A use-after-free has been discovered in exim that can lead to potential privilege escalation due to the lack of nulling out the debug_pretrigger_buf pointer before freeing the buffer by the storage management.
CVE-2025-30232 created at 26 Mar 2025 19:04:19
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A use-after-free is possible, with potential for privilege escalation.
References
+ https://exim.org/static/doc/security/CVE-2025-30232.txt
+ https://lists.exim.org/lurker/message/20250326.140105.6b97555b.en.html
+ https://code.exim.org/exim/exim/commit/be040d7df68a8cbb244aaabc37832984dafcbf55
Notes
+ Introduced after: https://code.exim.org/exim/exim/commit/19fdbfb4a2b6ca4a6a96ef52be848f0a23e2414f (exim-4.96-RC0)