CVSS: 10.0EPSS: 22%CPEs: 1EXPL: 0CVE-2017-16844 – procmail: Heap-based buffer overflow in loadbuf function in formisc.c
https://notcve.org/view.php?id=CVE-2017-16844
16 Nov 2017 — Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. Desbordamiento de búfer basado en memoria dinámica (heap) en la función loadbuf en formisc.c en formail en la versión 3.22 de procmail permite que atacantes remotos provoquen una denegación de servici... • http://www.securitytracker.com/id/1039844 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 10%CPEs: 4EXPL: 1CVE-2014-3618 – procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
https://notcve.org/view.php?id=CVE-2014-3618
04 Sep 2014 — Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." Desbordamiento de buffer basado en memoria dinámica en formisc.c en formail en procmail 3.22 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una cabecera de email manipulada, relacionado con 'comillas inestables... • http://linux.oracle.com/errata/ELSA-2014-1172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0905
https://notcve.org/view.php?id=CVE-2001-0905
18 Oct 2001 — Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:60.procmail.asc •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-1999-0439
https://notcve.org/view.php?id=CVE-1999-0439
05 Apr 1999 — Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0439 •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0475
https://notcve.org/view.php?id=CVE-1999-0475
05 Apr 1999 — A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0475 •