CVE-2014-3618 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Procmail
Severity
9.8 CRITICAL (NVD)
NVD: 7.5 | OSV: 7.5
EPSS
9.8%
top 7.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 8
Latest update: Jun 11
Description
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
CVSS vector
AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4
Affected Packages: 10 packages
Also affects: Ubuntu Linux 10.04, 12.04, 14.04
🔴 Vulnerability Details (4)
📋 Vendor Advisories (8)
Microsoft
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code (2017-11-14)
Debian
CVE-2017-16844: procmail - Heap-based buffer overflow in the loadbuf function in formisc.c in formail in pr... (2017)
Red Hat
procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers (2014-09-04)