Cyber Resilience

CVE-2018-6789

Tags: Critical, CISA KEV, Active Exploitation, EUVD Exploited, Public PoC, Ransomware-linked

Published: 08 February 2018
Modified: 07 November 2025
KEV Added: 03 November 2021
Patch: available
CVSS Score (v3.1): 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.8659 (99.4th percentile)
Risk Priority: 92 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2018-6789 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability affecting Debian Linux. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.6% of CVEs by exploit likelihood (EPSS), CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a buffer overflow (CWE-120) in the base64d function of the SMTP listener component of Exim, in versions prior to 4.90.1. It was assigned CVE-2018-6789 with a CVSS v3.1 score of 9.8, reflecting an attack that is reachable over the network and requires neither authentication nor user interaction.

An unauthenticated remote attacker can exploit the flaw by sending a specially crafted message to the SMTP listener, triggering the overflow to achieve arbitrary code execution on the affected server with full confidentiality, integrity, and availability impact.

Advisories referenced in public disclosure lists indicate that the issue is resolved by upgrading to Exim 4.90.1 or later. The source data provides no further real-world exploitation details and no AI/ML considerations.

Vulnerability details

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, an attacker can trigger a buffer overflow, which can be used to execute code remotely.

CWE(s): CWE-120 (Classic Buffer Overflow)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor    | Product       | Versions
exim      | exim          | ≤ 4.90.1
debian    | debian linux  | 7.0, 8.0, 9.0
canonical | ubuntu linux  | 14.04, 16.04, 17.10

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): Directly enforces validation of SMTP input to the base64d function, blocking the crafted message that triggers the buffer overflow.

Prevent (SI-2, Flaw Remediation): Requires prompt application of the vendor patch that upgrades Exim to 4.90.1 or later and eliminates the vulnerable base64d implementation.

Prevent: Applies memory-protection mechanisms that can block exploitation of the overflow even if input validation fails.