CVE-2024-4140 — Allocation of Resources Without Limits or Throttling in Email-mime

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-476 — NULL Pointer Dereference7 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rjbs Email-mime Fedoraproject Fedora

Timeline

PublishedMay 2

Latest updateOct 15

Description

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5rjbs/email-mime< 1.954

▶NVDrjbs/email-mime< 1.954

Also affects: Fedora 39, 40

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

CVE-2024-4140: An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1↗2024-05-02

▶

OSV

CVE-2024-4140: An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1↗2024-05-02

▶

GHSA

GHSA-2rhr-29cm-5chf: An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1↗2024-05-02

▶

📋Vendor Advisories

Oracle

Oracle Oracle Siebel CRM Risk Matrix: Keyword Automation (Email-MIME) — CVE-2024-4140↗2025-10-15

▶

Red Hat

kernel: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream↗2024-10-21

▶

Debian

CVE-2024-4140: libemail-mime-perl - An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.9...↗2024

▶