PT-2017-3219 · None+5 · Procmail+5

Jakub Wilk

Publicado

2017-09-23

Atualizado

2024-06-15

CVE-2017-16844

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions procmail version 3.22

Description The issue is a heap-based buffer overflow in the loadbuf function in formisc.c in formail, which can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted e-mail message. This is due to a hardcoded realloc size.

Recommendations For procmail version 3.22, consider disabling the loadbuf function in formisc.c as a temporary workaround until a patch is available. Restrict access to the formail component to minimize the risk of exploitation. Avoid using the affected function to process e-mail messages until the issue is resolved.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2018-1499

AZL-36982

AZL-6803

AZL-7332

BDU:2017-02652

CESA-2017_3269

CVE-2017-16844

DLA-1173-1

DSA-4041-1

OPENSUSE-SU-2024:11194-1

RHSA-2017:3269

RHSA-2017_3269

SUSE-SU-2017:3231-1

SUSE-SU-2017_3231-1

SUSE-SU-2018:0173-1

SUSE-SU-2018_0173-1

USN-3483-1

USN-3483-2

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Procmail

PT-2017-3219 · None+5 · Procmail+5

CVE-2017-16844

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 28