CVE-2018-6789
critical-risk
Published 2018-02-08
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Do I need to act?
86.4% chance of exploitation in next 30 days
EPSS score — higher than 14% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Fix available
Upgrade to: 062990cc1b2f9e5d82a413b53c8f0569075de700
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (7)
References (27)
Mailing List: http://openwall.com/lists/oss-security/2018/02/10/2
Broken Link: http://www.securityfocus.com/bid/103049
Broken Link: http://www.securitytracker.com/id/1040461
Vendor Advisory: https://exim.org/static/doc/security/CVE-2018-6789.txt
Third Party Advisory: https://usn.ubuntu.com/3565-1/
Mailing List: https://www.debian.org/security/2018/dsa-4110
and 7 more references
73 / 100 · critical-risk
Severity: 32/34 · Critical
Exploitability: 27/34 · High
Exposure: 14/34 · Moderate