CVE-2004-2771
published 2014-12-24CVE-2004-2771: The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bsd_mailx_project | bsd_mailx | <= 8.1.2 | — |
| debian | bsd-mailx | < bsd-mailx 8.1.2-0.20071201cvs-1 (bookworm) | bsd-mailx 8.1.2-0.20071201cvs-1 (bookworm) |
| heirloom | mailx | <= 12.5 | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| oracle | linux | — | — |
| oracle | linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH