PT-2017-3219 · None+5 · Procmail+5

Jakub Wilk

Published

2017-09-23

Updated

2024-06-15

CVE-2017-16844

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions procmail version 3.22

Description The issue is a heap-based buffer overflow in the loadbuf function in formisc.c in formail, which can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted e-mail message. This is due to a hardcoded realloc size.

Recommendations For procmail version 3.22, consider disabling the loadbuf function in formisc.c as a temporary workaround until a patch is available. Restrict access to the formail component to minimize the risk of exploitation. Avoid using the affected function to process e-mail messages until the issue is resolved.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2018-1499

AZL-36982

AZL-6803

AZL-7332

BDU:2017-02652

CESA-2017_3269

CVE-2017-16844

DLA-1173-1

DSA-4041-1

OPENSUSE-SU-2024:11194-1

RHSA-2017:3269

RHSA-2017_3269

SUSE-SU-2017:3231-1

SUSE-SU-2017_3231-1

SUSE-SU-2018:0173-1

SUSE-SU-2018_0173-1

USN-3483-1

USN-3483-2

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Procmail

PT-2017-3219 · None+5 · Procmail+5

CVE-2017-16844

Weakness Enumeration

Related Identifiers

Affected Products

References · 28