CVE-2014-3618
Published 2014-09-08
Priority P346·high·7.5·CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 8.53% (94.4th percentile)
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_el_capitan_v10.11 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | procmail | < procmail 3.22-26 (bookworm) | procmail 3.22-26 (bookworm) |
| debian | procmail | < procmail 3.22-22 (bookworm) | procmail 3.22-22 (bookworm) |
| msrc | azl3_procmail_3.22-53_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_procmail_3.22-53_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| procmail | procmail | — | — |
| procmail | procmail | >= 0 < 3.22-22 | 3.22-22 |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
| procmail | procmail | >= 0 < 3.22-22 | 3.22-22 |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
| procmail | procmail | >= 0 < 3.22-22 | 3.22-22 |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
| procmail | procmail | >= 0 < 3.22-22 | 3.22-22 |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
CVSS provenance
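| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |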
GHSA
GHSA-j8hf-r298-62j6: Heap-based buffer overflow in formisc
ghsa_unreviewed·2022-05-17
CVE-2014-3618 [HIGH] CWE-119 GHSA-j8hf-r298-62j6: Heap-based buffer overflow in formisc
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
GHSA
GHSA-4f62-c8fw-44pp: Heap-based buffer overflow in the loadbuf function in formisc
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-16844 [HIGH] CWE-119 GHSA-4f62-c8fw-44pp: Heap-based buffer overflow in the loadbuf function in formisc
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
OSV
CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc
osv·2017-11-16·CVSS 7.5
CVE-2017-16844 [HIGH] CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
OSV
CVE-2014-3618: Heap-based buffer overflow in formisc
osv·2014-09-08·CVSS 7.5
CVE-2014-3618 [HIGH] CVE-2014-3618: Heap-based buffer overflow in formisc
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
Microsoft
CVE-2014-3618: NIST NVD Details: https://nvd
vendor_msrc·2024-06-11·CVSS 7.5
CVE-2014-3618 [HIGH] CVE-2014-3618: NIST NVD Details: https://nvd
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2014-3618
Mariner: Mariner
Customer Action Required: Yes
Remediation: procmail
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-3618
Microsoft
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
vendor_msrc·2017-11-14·CVSS 9.8
CVE-2017-16844 [HIGH] CWE-119 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 202
Red Hat
procmail: Heap-based buffer overflow in loadbuf function in formisc.c
vendor_redhat·2017-09-22·CVSS 7.5
CVE-2017-16844 [HIGH] CWE-122 procmail: Heap-based buffer overflow in loadbuf function in formisc.c
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.
Statement: This issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle p
Debian
CVE-2017-16844: procmail - Heap-based buffer overflow in the loadbuf function in formisc.c in formail in pr...
vendor_debian·2017·CVSS 7.5
CVE-2017-16844 [HIGH] CVE-2017-16844: procmail - Heap-based buffer overflow in the loadbuf function in formisc.c in formail in pr...
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
Scope: local
bookworm: resolved (fixed in 3.22-26)
bullseye: resolved (fixed in 3.22-26)
forky: resolved (fixed in 3.22-26)
sid: resolved (fixed in 3.22-26)
trixie: resolved (fixed in 3.22-26)
Red Hat
procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
vendor_redhat·2014-09-04·CVSS 7.5
CVE-2014-3618 [HIGH] CWE-228 procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail.
Ubuntu
procmail vulnerability
vendor_ubuntu·2014-09-04
CVE-2014-3618 procmail vulnerability
Title: procmail vulnerability
Summary: formail could be made to crash or run programs if it processed specially
crafted mail.
Tavis Ormandy discovered that the formail tool incorrectly handled certain
malformed mail headers. An attacker could use this flaw to cause formail to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2014-3618: procmail - Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remot...
vendor_debian·2014·CVSS 7.5
CVE-2014-3618 [HIGH] CVE-2014-3618: procmail - Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remot...
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
Scope: local
bookworm: resolved (fixed in 3.22-22)
bullseye: resolved (fixed in 3.22-22)
forky: resolved (fixed in 3.22-22)
sid: resolved (fixed in 3.22-22)
trixie: resolved (fixed in 3.22-22)
Apple
CVE-2014-3618: OS X El Capitan v10.11
vendor_apple·CVSS 7.5
CVE-2014-3618 [HIGH] CVE-2014-3618: OS X El Capitan v10.11
Apple Security Update: About the security content of OS X El Capitan v10.11
Product: OS X El Capitan v10.11
CVE: CVE-2014-3618
Component: CVE-2014-3618
Impact: A local user may be able to execute arbitrary code with root privileges
Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary.
No detection rules found.
No public exploits indexed.
Bugzilla
procmail: memory corruption in formail
bugzilla·2014-11-19·CVSS 7.5
[HIGH] procmail: memory corruption in formail
It was reported [1] that specially crafted data crashes formail.
See examples attached to this Bugzilla.
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769937
Discussion:
Created attachment 958985
Example data that crashes formail
---
Created procmail tracking bugs for this issue:
Affects: fedora-all [bug 1165723]
---
(In reply to Vasyl Kaigorodov from comment #0)
> It was reported [1] that specially crafted data crashes formail.
Where was it reported? There is no [1] link in this bug report.
How to reproduce it with the attached files? I am unable to reproduce it on F20 (procmail-3.22-36.fc20.x86_64) by simply running formail on these files.
Isn't this the same as CVE-2014-3618?
---
(In reply to Jaroslav Škarvada from comment #3)
>
Bugzilla
CVE-2014-3618 procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
bugzilla·2014-09-04·CVSS 7.5
CVE-2014-3618 [HIGH] CVE-2014-3618 procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers
A heap-based buffer overflow was reported in procmail when parsing addresses with unbalanced quotes.
More details available at:
http://www.openwall.com/lists/oss-security/2014/09/03/8
Discussion:
Created procmail tracking bugs for this issue:
Affects: fedora-all [bug 1137582]
---
This issue has been assigned CVE-2014-3618 via:
http://www.openwall.com/lists/oss-security/2014/09/04/1
---
Note that Tavis initially filed bug 1121299 against rawhide for this, and the malformed mbox to reproduce it is attached as https://bugzilla.redhat.com/attachment.cgi?id=919216
---
IssueDescription:
A heap-based buffer overflow flaw was found in procmail's formail utility. A remot
References
http://linux.oracle.com/errata/ELSA-2014-1172.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00022.html
http://rhn.redhat.com/errata/RHSA-2014-1172.html
http://secunia.com/advisories/61076
http://secunia.com/advisories/61090
http://secunia.com/advisories/61108
http://www.debian.org/security/2014/dsa-3019
http://www.openwall.com/lists/oss-security/2014/09/03/8
http://www.securityfocus.com/bid/69573
http://www.ubuntu.com/usn/USN-2340-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/95688
https://support.apple.com/HT205267