PT-2014-5423 · Procmail+4 · Procmail+4

Philip Pettersson

Published

2014-09-04

Updated

2024-06-15

CVE-2014-3618

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions procmail version 3.22

Description The issue is related to a heap-based buffer overflow in the formisc.c file of the formail component in procmail. This can be triggered by remote attackers sending a crafted email header, potentially causing a denial of service (crash) and possibly allowing the execution of arbitrary code. The vulnerability is related to "unbalanced quotes" in email headers.

Recommendations For procmail version 3.22, consider updating to a newer version that addresses this issue, as the current version is affected by the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

AZL-36981

AZL-6802

AZL-7331

CESA-2014_1172

CVE-2014-3618

DLA-46-1

DSA-3019-1

MGASA-2014-0373

OPENSUSE-SU-2014_1114-1

OPENSUSE-SU-2024:10533-1

RHSA-2014:1172

RHSA-2014_1172

SUSE-SU-2014_1137-1

USN-2340-1

Affected Products

Centos

Red Hat

Suse

Ubuntu

Procmail

PT-2014-5423 · Procmail+4 · Procmail+4

CVE-2014-3618

Weakness Enumeration

Related Identifiers

Affected Products

References · 33