PT-2014-5423 · Procmail+4 · Procmail+4

Philip Pettersson

Publicado

2014-09-04

Atualizado

2024-06-15

CVE-2014-3618

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions procmail version 3.22

Description The issue is related to a heap-based buffer overflow in the formisc.c file of the formail component in procmail. This can be triggered by remote attackers sending a crafted email header, potentially causing a denial of service (crash) and possibly allowing the execution of arbitrary code. The vulnerability is related to "unbalanced quotes" in email headers.

Recommendations For procmail version 3.22, consider updating to a newer version that addresses this issue, as the current version is affected by the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

AZL-36981

AZL-6802

AZL-7331

CESA-2014_1172

CVE-2014-3618

DLA-46-1

DSA-3019-1

MGASA-2014-0373

OPENSUSE-SU-2014_1114-1

OPENSUSE-SU-2024:10533-1

RHSA-2014:1172

RHSA-2014_1172

SUSE-SU-2014_1137-1

USN-2340-1

Produtos afetados

Centos

Red Hat

Suse

Ubuntu

Procmail

PT-2014-5423 · Procmail+4 · Procmail+4

CVE-2014-3618

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33