CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2017-16844 – procmail: Heap-based buffer overflow in loadbuf function in formisc.c
https://notcve.org/view.php?id=CVE-2017-16844
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. Desbordamiento de búfer basado en memoria dinámica (heap) en la función loadbuf en formisc.c en formail en la versión 3.22 de procmail permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de aplicación) o, posiblemente, ejecuten código arbitrario mediante un mensaje de email manipulado debido a un tamaño de realloc embebido. Esta es una vulnerabilidad diferente de CVE-2014-3618. A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. • http://www.securitytracker.com/id/1039844 https://access.redhat.com/errata/RHSA-2017:3269 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html https://www.debian.org/security/2017/dsa-4041 https://access.redhat.com/security/cve/CVE-2017-16844 https://bugzilla.redhat.com/show_bug.cgi?id=1500070 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 1CVE-2014-3618 – procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
https://notcve.org/view.php?id=CVE-2014-3618
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." Desbordamiento de buffer basado en memoria dinámica en formisc.c en formail en procmail 3.22 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una cabecera de email manipulada, relacionado con 'comillas inestables.' A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail. • http://linux.oracle.com/errata/ELSA-2014-1172.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00022.html http://rhn.redhat.com/errata/RHSA-2014-1172.html http://secunia.com/advisories/61076 http://secunia.com/advisories/61090 http://secunia.com/advisories/61108 http://www.debian.org/security/2014/dsa-3019 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •