Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/exim4@4.90.1-1?distro=trixie

Type deb

Namespace debian

Name exim4

Version 4.90.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.92~RC3-1

Latest_non_vulnerable_version 4.99.4-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2sqq-jsr5-n3aw

vulnerability_id VCID-2sqq-jsr5-n3aw

summary An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6789.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6789.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-6789

reference_id

reference_type

scores

value	0.86592
scoring_system	epss
scoring_elements	0.99439
published_at	2026-06-11T12:55:00Z

value	0.86592
scoring_system	epss
scoring_elements	0.9944
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-6789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789

reference_url

http://www.securityfocus.com/bid/103049

reference_id

103049

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

http://www.securityfocus.com/bid/103049

reference_url

http://www.securitytracker.com/id/1040461

reference_id

1040461

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

http://www.securitytracker.com/id/1040461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1543268
reference_id	1543268
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1543268

reference_url

http://openwall.com/lists/oss-security/2018/02/10/2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

http://openwall.com/lists/oss-security/2018/02/10/2

reference_url

http://www.openwall.com/lists/oss-security/2018/02/07/2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

http://www.openwall.com/lists/oss-security/2018/02/07/2

reference_url

https://usn.ubuntu.com/3565-1/

reference_id

3565-1

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://usn.ubuntu.com/3565-1/

reference_url

https://www.exploit-db.com/exploits/44571/

reference_id

44571

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://www.exploit-db.com/exploits/44571/

reference_url

https://www.exploit-db.com/exploits/45671/

reference_id

45671

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://www.exploit-db.com/exploits/45671/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000
reference_id	890000
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000

reference_url	https://security.archlinux.org/ASA-201802-6
reference_id	ASA-201802-6
reference_type
scores
url	https://security.archlinux.org/ASA-201802-6

reference_url

https://security.archlinux.org/AVG-608

reference_id

AVG-608

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-608

reference_url

https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1

reference_id

cf3cd306062a08969c41a1cdd32c6855f1abecf1

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44571.py
reference_id	CVE-2018-6789
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44571.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45671.py
reference_id	CVE-2018-6789
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45671.py

reference_url	https://medium.com/@straightblast426/my-poc-walk-through-for-cve-2018-6789-2e402e4ff588
reference_id	CVE-2018-6789
reference_type	exploit
scores
url	https://medium.com/@straightblast426/my-poc-walk-through-for-cve-2018-6789-2e402e4ff588

reference_url

https://exim.org/static/doc/security/CVE-2018-6789.txt

reference_id

CVE-2018-6789.txt

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://exim.org/static/doc/security/CVE-2018-6789.txt

reference_url

https://www.debian.org/security/2018/dsa-4110

reference_id

dsa-4110

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://www.debian.org/security/2018/dsa-4110

reference_url

http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html

reference_id

Exim-base64d-Buffer-Overflow.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html

reference_url

https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/

reference_id

exim-off-by-one-RCE-exploiting-CVE-2018-6789-en

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/

reference_url	https://security.gentoo.org/glsa/201803-01
reference_id	GLSA-201803-01
reference_type
scores
url	https://security.gentoo.org/glsa/201803-01

reference_url

https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html

reference_id

msg00009.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/

url

https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html

fixed_packages

url	pkg:deb/debian/exim4@4.90.1-1?distro=trixie
purl	pkg:deb/debian/exim4@4.90.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.90.1-1%3Fdistro=trixie

url pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93x9-7cp1-s3d3

vulnerability	VCID-hhte-snaq-ruh5

vulnerability	VCID-syut-2gvg-jqer

vulnerability	VCID-w86m-chaw-13bw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie
purl	pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie

url	pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/exim4@4.99.3-2?distro=trixie
purl	pkg:deb/debian/exim4@4.99.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie

url	pkg:deb/debian/exim4@4.99.4-1?distro=trixie
purl	pkg:deb/debian/exim4@4.99.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie

aliases CVE-2018-6789

risk_score 10.0

exploitability 2.0

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2sqq-jsr5-n3aw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.90.1-1%3Fdistro=trixie

Package Instance