CVE-2017-16844
Published 2017-11-16
CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application…
Priority P346 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 12.52% (95.7th percentile)
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | procmail | < procmail 3.22-26 (bookworm) | procmail 3.22-26 (bookworm) |
| msrc | azl3_procmail_3.22-53_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_procmail_3.22-53_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| procmail | procmail | — | — |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
| procmail | procmail | >= 0 < 3.22-26 | 3.22-26 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.5 | HIGH | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-4f62-c8fw-44pp: Heap-based buffer overflow in the loadbuf function in formisc
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-16844 [HIGH] CWE-119 GHSA-4f62-c8fw-44pp: Heap-based buffer overflow in the loadbuf function in formisc
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
OSV
CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc
osv·2017-11-16·CVSS 7.5
CVE-2017-16844 [HIGH] CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
Ubuntu
procmail vulnerability
vendor_ubuntu·2017-11-21
CVE-2017-16844 procmail vulnerability
Title: procmail vulnerability
Summary: formail could be made to crash or run programs if it processed specially crafted mail.
USN-3483-1 fixed a vulnerability in procmail. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
procmail vulnerability
vendor_ubuntu·2017-11-20
CVE-2017-16844 procmail vulnerability
Title: procmail vulnerability
Summary: formail could be made to crash or run programs if it processed specially crafted mail.
Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
vendor_msrc·2017-11-14·CVSS 9.8
CVE-2017-16844 [HIGH] CWE-119 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 202
Red Hat
procmail: Heap-based buffer overflow in loadbuf function in formisc.c
vendor_redhat·2017-09-22·CVSS 7.5
CVE-2017-16844 [HIGH] CWE-122 procmail: Heap-based buffer overflow in loadbuf function in formisc.c
procmail: Heap-based buffer overflow in loadbuf function in formisc.c
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.
Statement: This issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle p
Debian
CVE-2017-16844: procmail - Heap-based buffer overflow in the loadbuf function in formisc.c in formail in pr...
vendor_debian·2017·CVSS 7.5
CVE-2017-16844 [HIGH] CVE-2017-16844: procmail - Heap-based buffer overflow in the loadbuf function in formisc.c in formail in pr...
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
Scope: local
bookworm: resolved (fixed in 3.22-26)
bullseye: resolved (fixed in 3.22-26)
forky: resolved (fixed in 3.22-26)
sid: resolved (fixed in 3.22-26)
trixie: resolved (fixed in 3.22-26)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-16844 procmail: Heap-based buffer overflow in loadbuf function in formisc.c
bugzilla·2017-10-09·CVSS 9.8
CVE-2017-16844 [CRITICAL] CVE-2017-16844 procmail: Heap-based buffer overflow in loadbuf function in formisc.c
CVE-2017-16844 procmail: Heap-based buffer overflow in loadbuf function in formisc.c
A flaw was found in the loadbuf function in formisc.c. When the buffer is too small, the function tries to resize it, but only by Bsize (=128) bytes. This is not necessarily enough and could cause denial of service.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
Discussion:
Created procmail tracking bugs for this issue:
Affects: fedora-all [bug 1500071]
---
Created attachment 1336923
Simple fix
Well, there may be better fixes (e.g. counting the total buffer size in one step), but the attached fix is ultimately simple (a few more cycles shouldn't be a problem for typical scenarios).
Before the fix is applied:
$ zcat overflow.822.gz | valgrind formail -r
==8339== Memcheck, a memory
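The Bugzilla description above explains the defect: when the buffer is too small, loadbuf grows it by a single fixed step of Bsize (128) bytes, which is not enough when the pending data is larger than that step. The following is an added example written for this page, not procmail's formisc.c and not the attached fix. It models the shortfall of a single fixed-increment growth step without performing any out-of-bounds write, and beside it shows a hardened append that sizes the buffer from the actual requirement (rounded up to a Bsize multiple) with overflow-checked arithmetic. The names `fixed_increment_shortfall`, `struct buf` and `buf_append` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growth granularity, matching the Bsize (=128) cited in the bug report. */
#define BSIZE 128

/* Hypothetical helper: given a buffer holding `filled` of `capacity` bytes,
 * report how many bytes a single fixed BSIZE growth step would fall short
 * of the `len` bytes that must be appended. 0 means one step would suffice.
 * This only models the arithmetic; it never touches memory. */
size_t fixed_increment_shortfall(size_t filled, size_t capacity, size_t len) {
    size_t needed = filled + len;
    if (needed <= capacity)
        return 0;
    size_t grown = capacity + BSIZE;          /* the single hardcoded step */
    return needed > grown ? needed - grown : 0;
}

/* Hypothetical growable buffer used by the hardened append below. */
struct buf {
    char *data;
    size_t filled;
    size_t capacity;
};

/* Hardened append: grows to at least filled + len, rounded up to a BSIZE
 * multiple, so the capacity is derived from the real requirement rather
 * than from a fixed increment. Returns 0 on success, -1 on failure. */
int buf_append(struct buf *b, const char *src, size_t len) {
    if (len > SIZE_MAX - b->filled)           /* size_t wrap-around guard */
        return -1;
    size_t needed = b->filled + len;
    if (needed > b->capacity) {
        if (needed > SIZE_MAX - (BSIZE - 1))  /* guard the round-up */
            return -1;
        size_t newcap = (needed + BSIZE - 1) / BSIZE * BSIZE;
        char *p = realloc(b->data, newcap);
        if (!p)
            return -1;
        b->data = p;
        b->capacity = newcap;
    }
    memcpy(b->data + b->filled, src, len);
    b->filled = needed;
    return 0;
}

void buf_free(struct buf *b) {
    free(b->data);
    b->data = NULL;
    b->filled = b->capacity = 0;
}

int main(void) {
    /* Constructed input: one 1000-byte header line, far longer than BSIZE. */
    char line[1000];
    memset(line, 'A', sizeof line);

    printf("single BSIZE step falls short by %zu bytes\n",
           fixed_increment_shortfall(100, 128, sizeof line));

    struct buf b = {NULL, 0, 0};
    if (buf_append(&b, line, sizeof line) == 0)
        printf("hardened append: filled=%zu capacity=%zu\n", b.filled, b.capacity);
    buf_free(&b);
    return 0;
}
```

Run as-is, the first line of output shows that a fixed 128-byte step leaves the 1000-byte line hundreds of bytes short, which is exactly the condition the bug report describes; the hardened append instead allocates 1024 bytes for it.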
Bugzilla
CVE-2017-16844 procmail: Heap-based buffer overflow in loadbuf function in formisc.c [fedora-all]
bugzilla·2017-10-09·CVSS 9.8
CVE-2017-16844 [CRITICAL] CVE-2017-16844 procmail: Heap-based buffer overflow in loadbuf function in formisc.c [fedora-all]
CVE-2017-16844 procmail: Heap-based buffer overflow in loadbuf function in formisc.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: this issue affects multipl
References:
http://www.securitytracker.com/id/1039844
https://access.redhat.com/errata/RHSA-2017:3269
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html
https://www.debian.org/security/2017/dsa-4041
Published: 2017-11-16