CVE-2018-6789
- Source
- https://cve.org/CVERecord?id=CVE-2018-6789
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6789.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-6789
- Downstream
- Related
- Published
- 2018-02-08T23:29:01.170Z
- Modified
- 2026-04-11T12:09:35.854977Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "extracted_events": [ { "last_affected": "14.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "extracted_events": [ { "last_affected": "16.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "17.10" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "9.0" } ] } ] }- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6789
- http://openwall.com/lists/oss-security/2018/02/10/2
- http://www.openwall.com/lists/oss-security/2018/02/07/2
- http://www.securityfocus.com/bid/103049
- http://www.securitytracker.com/id/1040461
- https://exim.org/static/doc/security/CVE-2018-6789.txt
- https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
- https://usn.ubuntu.com/3565-1/
- https://www.debian.org/security/2018/dsa-4110
- https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
- http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
- https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
- https://www.exploit-db.com/exploits/44571/
- https://www.exploit-db.com/exploits/45671/
Affected packages
Git / github.com/exim/exim
Affected versions
Other
DEVEL_PDKIM_START
exim-4_50
exim-4_51
exim-4_52
exim-4_53
exim-4_54
exim-4_61
exim-4_62
exim-4_63
exim-4_64
exim-4_65
exim-4_66
exim-4_67
exim-4_68
exim-4_69
exim-4_70
exim-4_70_RC3
exim-4_70_RC4
exim-4_71
exim-4_72
exim-4_72_RC1
exim-4_72_RC2
exim-4_73
exim-4_73_RC00
exim-4_73_RC1
exim-4_74
exim-4_74_RC1
exim-4_75
exim-4_75_RC1
exim-4_75_RC2
exim-4_75_RC3
exim-4_76
exim-4_76_RC1
exim-4_76_RC2
exim-4_77
exim-4_77_RC1
exim-4_77_RC2
exim-4_77_RC3
exim-4_77_RC4
exim-4_80
exim-4_80_RC1
exim-4_80_RC2
exim-4_80_RC3
exim-4_80_RC4
exim-4_80_RC5
exim-4_80_RC6
exim-4_80_RC7
exim-4_82
exim-4_82_RC1
exim-4_82_RC2
exim-4_82_RC3
exim-4_82_RC4
exim-4_82_RC5
exim-4_83
exim-4_83_RC1
exim-4_83_RC2
exim-4_83_RC3
exim-4_84
exim-4_84_RC1
exim-4_84_RC2
exim-4_85
exim-4_85_RC1
exim-4_85_RC2
exim-4_85_RC3
exim-4_85_RC4
exim-4_86
exim-4_86_RC1
exim-4_86_RC2
exim-4_86_RC3
exim-4_86_RC4
exim-4_86_RC5
exim-4_87
exim-4_87_RC1
exim-4_87_RC2
exim-4_87_RC3
exim-4_87_RC4
exim-4_87_RC5
exim-4_87_RC6
exim-4_87_RC7
exim-4_88
exim-4_88_RC1
exim-4_88_RC2
exim-4_88_RC3
exim-4_88_RC4
exim-4_88_RC5
exim-4_88_RC6
exim-4_89_RC1
exim-4_89_RC3
exim-4_90
exim-4_90_RC1
exim-4_90_RC2
exim-4_90_RC3
exim-4_90_RC4
exim-4.*
exim-4.90.0.22
exim-4.90.0.27
exim-4.90devstart