CVE-1999-0439 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Procmail

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Procmail

Timeline

PublishedApr 5

Latest updateApr 19

Description

Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDprocmail/procmail3.12

🔴Vulnerability Details

VulDB

Procmail 3.12 Config File procmailrc memory corruption (XFDB-2082 / SBV-596)↗2026-04-19

▶

GHSA

GHSA-vm64-4p36-f6c5: Buffer overflow in procmail before version 3↗2022-04-30

▶