Critical severity9.8CISA KEVNVD Advisory· Published Feb 8, 2018· Updated Jun 17, 2026
CVE-2018-6789
CVE-2018-6789
Description
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords6 versionspkg:rpm/opensuse/exim&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/exim&distro=openSUSE%20Tumbleweedpkg:rpm/suse/exim&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/exim&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/libspf2&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/libspf2&distro=SUSE%20Package%20Hub%2015%20SP2
< 4.94.2-lp152.8.3.1+ 5 more
- (no CPE)range: < 4.94.2-lp152.8.3.1
- (no CPE)range: < 4.94.2-4.2
- (no CPE)range: < 4.94.2-bp151.2.4.1
- (no CPE)range: < 4.94.2-bp152.6.4.1
- (no CPE)range: < 1.2.10-bp151.4.1
- (no CPE)range: < 1.2.10-bp152.5.1
Patches
Vulnerability mechanics
References
14- git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1nvdPatch
- packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.htmlnvdExploitThird Party AdvisoryVDB Entry
- devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/nvdExploitThird Party Advisory
- www.exploit-db.com/exploits/44571/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/45671/nvdExploitThird Party AdvisoryVDB Entry
- openwall.com/lists/oss-security/2018/02/10/2nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2018/02/07/2nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/103049nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040461nvdBroken LinkThird Party AdvisoryVDB Entry
- exim.org/static/doc/security/CVE-2018-6789.txtnvdVendor Advisory
- lists.debian.org/debian-lts-announce/2018/02/msg00009.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3565-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4110nvdMailing ListThird Party Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.