CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2018-6789

CVSS 9.8v3.1pub. 2018-02-08upd. 2025-11-07

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    14.0416.0417.10
  • Debian

    OS
    Debian
    7.08.09.0
  • Exim

    APP
    Exim
    < 4.90.1

CISA KEV — detailsi

Vendori
Exim
Producti
Exim
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 3 maja 2022
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki