CVE-2014-3618

Published: 08/09/2014 Updated: 13/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."

Vulnerable Product

procmail procmail 3.22

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 10.04

Vendor Advisories

Debian Bug report logs - #760443 procmail: CVE-2014-3618: Heap-overflow in formail when processing specially-crafted email headers. Package: procmail; Maintainer for procmail is Santiago Vila <sanvila@debian.org>; Source for procmail is src:procmail (PTS, buildd, popcon). Reported by: Salvatore Bonaccorso <carnil@debian.org ...
formail could be made to crash or run programs if it processed specially crafted mail ...
Boris 'pi' Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary code. For the stable distribution (wheezy), this probl ...
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail (CVE-2014-3618) ...
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail ...