CVE-2018-6789

Publication date 7 February 2018

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
exim4	17.10 artful	Fixed 4.89-5ubuntu1.3
	16.04 LTS xenial	Fixed 4.86.2-2ubuntu2.3
	14.04 LTS trusty	Fixed 4.82-3ubuntu2.4

How can I get the fixes?
What do statuses mean?

Severity score breakdown

Parameter	Value
Base score	9.8 · Critical
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-3565-1
Exim vulnerability
12 February 2018

Other references

http://www.openwall.com/lists/oss-security/2018/02/07/2
https://exim.org/static/doc/security/CVE-2018-6789.txt
https://www.cve.org/CVERecord?id=CVE-2018-6789
https://www.cisa.gov/known-exploited-vulnerabilities-catalog