CVE-2018-6789

Publication date 7 February 2018

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

Status

Package Ubuntu Release Status
exim4 17.10 artful
Fixed 4.89-5ubuntu1.3
16.04 LTS xenial
Fixed 4.86.2-2ubuntu2.3
14.04 LTS trusty
Fixed 4.82-3ubuntu2.4

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities