Vulnerability in N/a
CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
EPSS: 0.866 (99.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
References
- exim.org/static/doc/security/CVE-2018-6789.txt (x_refsource_CONFIRM)
- [oss-security] 20180207 CVE-2018-6789 Exim 4.90 and earlier: buffer overflow (mailing-list, x_refsource_MLIST)
- USN-3565-1 (vendor-advisory, x_refsource_UBUNTU)
- openwall.com/lists/oss-security/2018/02/10/2 (x_refsource_CONFIRM)
- 1040461 (vdb-entry, x_refsource_SECTRACK)
- DSA-4110 (vendor-advisory, x_refsource_DEBIAN)
- 44571 (exploit, x_refsource_EXPLOIT-DB)
- [debian-lts-announce] 20180210 [SECURITY] [DLA 1274-1] exim4 security update (mailing-list, x_refsource_MLIST)
- git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1 (x_refsource_CONFIRM)
- devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-6789?
- CVE-2018-6789 is a vulnerability in N/a. Published 2018-02-08.
- Is CVE-2018-6789 known to be exploited?
- Yes. CVE-2018-6789 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 24 public proof-of-concept repositories are indexed.