
CVE-2014-3618

Published: 08/09/2014 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."

Affected Products

Vendor      Product        Versions
Procmail    Procmail       3.22
Canonical   Ubuntu Linux   10.04, 12.04, 14.04

Vendor Advisories

Debian Bug report logs - #760443 procmail: CVE-2014-3618: Heap-overflow in formail when processing specially-crafted email headers. Package: procmail; Maintainer for procmail is Santiago Vila <sanvila@debian.org>; Source for procmail is src:procmail (PTS, buildd, popcon). Reported by: Salvatore Bonaccorso <carnil@debian.org ...
formail could be made to crash or run programs if it processed specially crafted mail ...
Boris pi Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary code. For the stable distribution (wheezy), this probl ...
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail (CVE-2014-3618) ...
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use ...

Github Repositories

Nix Issue Database Example: This repository is an example output of a tool that I have been tinkering with for some time now. This repository aims to provide the following properties without introducing the need for a "proper" database: The files and the output should be parsable using standard shell utilities. Tools that ease the usage and/or provide aggregated outputs