Updated: 2026-02-27 01:58:24.606441
Description:
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.5 |
| CVSS Version 3.x | CRITICAL | 9.8 |

| Added Date | Description | Due Date | Notes |
|---|---|---|---|
| 2021-11-03 | Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution. | 2022-05-03 | https://nvd.nist.gov/vuln/detail/CVE-2018-6789 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | exim | 4.92.3 | 9.8 | CRITICAL | Not Vulnerable | | 2021-12-09 07:57:03 | Not affected: CVE-2018-6789 applies only to Exim versions prior to 4.90.1; Exim 4.92.3 already inclu... |
| CloudLinux 6 ELS | exim | 4.92.3 | 9.8 | CRITICAL | Not Vulnerable | | 2021-12-09 07:57:03 | |
| Ubuntu 16.04 ELS | exim | 4.86.2 | 9.8 | CRITICAL | Not Vulnerable | | 2021-12-21 09:55:07 | CVE-2018-6789 is exploitable only via Exim’s SMTP listener path (triggered by attacker‑supplied ... |
| Ubuntu 18.04 ELS | exim | 4.90.1 | 9.8 | CRITICAL | Not Vulnerable | | 2023-05-30 08:57:41 | Not vulnerable: CVE-2018-6789 impacts Exim versions prior to 4.90.1, and the version in scope is 4.9... |