cvebase
CVE-2017-16844
published 2017-11-16


Priority: P346
Severity: critical (CVSS 3.0 base score 9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 12.52% (95.7th percentile)
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

Affected (12 ranges)

Vendor     Product                                      Version range                     Fixed in
debian     procmail                                     < procmail 3.22-26 (bookworm)     procmail 3.22-26 (bookworm)
msrc       azl3_procmail_3.22-53_on_azure_linux_3.0
msrc       azure_linux_3.0_arm
msrc       azure_linux_3.0_x64
msrc       cbl2_procmail_3.22-53_on_cbl_mariner_2.0
msrc       cbl_mariner_2.0_arm
msrc       cbl_mariner_2.0_x64
procmail   procmail
procmail   procmail                                     >= 0 < 3.22-26                    3.22-26
procmail   procmail                                     >= 0 < 3.22-26                    3.22-26
procmail   procmail                                     >= 0 < 3.22-26                    3.22-26
procmail   procmail                                     >= 0 < 3.22-26                    3.22-26

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C
osv                       7.5     HIGH
vendor_msrc               9.8     CRITICAL
vendor_debian             7.5     HIGH
vendor_redhat             7.5     HIGH