PT-2024-4066 · Mime4J+1 · Mime4J+1

Benoit Tellier

Published

2024-02-27

Updated

2025-05-06

CVE-2024-21742

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions: MIME4J library (affected versions not specified)

Description: The issue is related to improper input validation in the MIME4J library, which can be exploited by an attacker to add unintended headers to MIME messages. This can occur when using the MIME4J DOM for composing messages. The exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-20

Related Identifiers

BDU:2024-04513

CVE-2024-21742

GHSA-JW7R-RXFF-GV24

OESA-2024-1333

OESA-2024-1475

OESA-2024-1476

OESA-2024-1477

OESA-2024-1478

OESA-2024-1479

Affected Products

Debian

Mime4J

PT-2024-4066 · Mime4J+1 · Mime4J+1

CVE-2024-21742

Weakness Enumeration

Related Identifiers

Affected Products

References · 35