An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
https://www.tenable.com/blog/how-covid-19-response-is-expanding-the-cyberattack-surface
https://thibaud-robin.fr/writeups/santhacklaus-2018/archdrive/
https://www.debian.org/security/2018/dsa-4110
https://usn.ubuntu.com/3565-1/
https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html
https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
https://exim.org/static/doc/security/CVE-2018-6789.txt