
CVE-2017-16844 – procmail: Heap-based buffer overflow in loadbuf function in formisc.c
https://notcve.org/view.php?id=CVE-2017-16844
16 Nov 2017 — Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. • http://www.securitytracker.com/id/1039844 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2014-3618 – procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
https://notcve.org/view.php?id=CVE-2014-3618
04 Sep 2014 — Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." • http://linux.oracle.com/errata/ELSA-2014-1172.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow