On February 05, 2018, Devcore Security Consulting discovered a buffer
overflow vulnerability in the base64 decode function of the Exim message
transfer agent. On March 06, 2018, Exim released a security advisory
about the issue, confirming potential remote code execution that could
be triggered by sending a handcrafted message. The issue has been fixed
in version 4.90.1 of Exim, and no alternative mitigation is known.
The vulnerability is due to a miscalculation of the decode buffer length in the base64 decode
function of Exim. The output buffer is sized from the input length alone, assuming three decoded
bytes for every four input characters plus a terminator, which only holds for well-formed input
whose length is a multiple of four. An invalid base64 string whose length is one character short of
such a multiple is still decoded as far as it goes and produces one byte more than the buffer
holds, so Exim writes one byte past the end of the allocated buffer on the heap, overwriting
adjacent data. As the value of that byte is derived from attacker-supplied input, the flaw may
potentially be exploited for remote code execution.
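The following is an added illustration of the sizing error described above; it is not Exim's code and not the upstream fix. It is a small quantum-at-a-time base64 decoder that emits each output byte as soon as its input characters are available, a buffer-size formula that mirrors the flawed "three bytes per four characters plus one" sizing, and a bounded wrapper that reports how far past such a buffer the decoder would have written instead of actually overflowing. The function and variable names (`vulnerable_alloc_len`, `safe_alloc_len`, `b64decode_bounded`, `overrun`) and the sample inputs are my own constructions.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode one base64 alphabet character, or -1 for anything else (including NUL). */
static int dec64(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Flawed sizing modelled on the advisory: 3 bytes per quantum of 4 characters
   plus a terminator. Correct only when the input length is a multiple of 4. */
size_t vulnerable_alloc_len(const char *code)
{
    return 3 * (strlen(code) / 4) + 1;
}

/* Sizing that also covers the up-to-two bytes a trailing partial quantum can
   produce (hypothetical formula, not the upstream fix). */
size_t safe_alloc_len(const char *code)
{
    return 3 * (strlen(code) / 4) + 2 + 1;
}

/* Decodes a quantum at a time, emitting bytes as soon as their characters are
   present, so a final quantum of three characters yields two bytes before the
   missing fourth character is noticed. Never writes more than `cap` bytes;
   `*needed` receives the number of bytes it wanted to write (terminator
   included on success). Returns the decoded length or -1 on malformed input. */
int b64decode_bounded(const char *code, unsigned char *out, size_t cap, size_t *needed)
{
    const unsigned char *p = (const unsigned char *)code;
    size_t n = 0;
    int a, b, c, d;

#define EMIT(byte) do { if (n < cap) out[n] = (unsigned char)(byte); n++; } while (0)
#define FAIL()     do { *needed = n; return -1; } while (0)

    while (*p != '\0') {
        if ((a = dec64(*p++)) < 0) FAIL();
        if ((b = dec64(*p++)) < 0) FAIL();
        EMIT((a << 2) | (b >> 4));           /* first byte of the quantum */

        if (*p == '=') {                     /* "xx==": must end the string */
            p++;
            if (*p++ != '=' || *p != '\0') FAIL();
            continue;
        }
        if ((c = dec64(*p++)) < 0) FAIL();
        EMIT((b << 4) | (c >> 2));           /* second byte, written before the 4th char is checked */

        if (*p == '=') {                     /* "xxx=": must end the string */
            p++;
            if (*p != '\0') FAIL();
            continue;
        }
        if ((d = dec64(*p++)) < 0) FAIL();   /* a 4n+3 input fails here, 3n+2 bytes already emitted */
        EMIT((c << 6) | d);
    }
    EMIT(0);                                 /* terminator */
    *needed = n;
    return (int)(n - 1);
#undef EMIT
#undef FAIL
}

/* Decode into a buffer of exactly `alloc` bytes and report how many bytes beyond
   it the decoder wanted to write (0 means the sizing was sufficient). */
size_t overrun(const char *code, size_t alloc)
{
    unsigned char *buf = malloc(alloc);
    size_t needed = 0;
    if (buf == NULL) return 0;
    b64decode_bounded(code, buf, alloc, &needed);
    free(buf);
    return needed > alloc ? needed - alloc : 0;
}

/* Decode with a roomy buffer and compare against the expected plaintext. */
int decodes_to(const char *code, const char *expected)
{
    unsigned char out[64];
    size_t needed = 0;
    int len = b64decode_bounded(code, out, sizeof out, &needed);
    return len >= 0 && (size_t)len == strlen(expected) && memcmp(out, expected, (size_t)len) == 0;
}

int main(void)
{
    /* Constructed inputs of length 4n, 4n+2 and 4n+3: only 4n+3 overruns the flawed sizing. */
    const char *samples[] = { "QUFB", "QUFBQU", "QUFBQUF", "QUFBQUFBQUF" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s len=%2zu flawed_alloc=%2zu overrun=%zu safe_alloc=%2zu overrun=%zu\n",
               samples[i], strlen(samples[i]),
               vulnerable_alloc_len(samples[i]), overrun(samples[i], vulnerable_alloc_len(samples[i])),
               safe_alloc_len(samples[i]), overrun(samples[i], safe_alloc_len(samples[i])));
    return 0;
}
```

Inputs of length 4n+2 happen to fit because the decoder fails after the first byte of the partial quantum; inputs of length 4n+3 write a second byte, one past the flawed allocation, and that byte's value is a function of the attacker's third character. The point for reviewers of any base64 or similar "n input units yield m output units" code is that the output size must account for the largest partial trailing unit the decoder will actually emit, not just the whole units.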
Recommendations
As there is no mitigation known for this vulnerability, it is highly recommended to update Exim to version 4.90.1.