[oss-security] CVE-2025-30232: UAF in Exim 4.96 to 4.98.1

The Exim project has announced a potentially (locally-?)exploitable UAF in versions 4.96 through 4.98.1. Bulletin posted to : > # CVE 2025-30232 > ## Timeline > - 2025/03/13 Report received > - 2025/03/18 ACK sent to reporter > - 2025/03/

[oss-security] use-after-free (maybe?) in libspf2

Hi, I recently stumbled upon something, and by sharing it here, I'm hoping that I can shed some light on it. The libspf2 library appears to be the standard way of parsing SPF records in C, but its development has mostly stalled. In the project's github repo, there's an unmerged pull request clai

Re: [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115)

Sam James writes: > Sam James writes: > >> # Impact >> >> The threaded .xz decoder in liblzma has a bug that can at least result >> in a crash (denial of service). The effects include heap use after free >> and writing to an address based on the null pointer plus an offset. >> >> This affects X

[oss-security] CVE-2025-2704 - OpenVPN 2.6.1 through 2.6.13 with possible DoS

The OpenVPN community has released OpenVPN 2.6.14 which includes a critical security fix. This issue is fixed in OpenVPN 2.6.14 which has been released today. - CVE-2025-2704: Fix possible ASSERT() on OpenVPN servers