CVE-2017-16844

Published: 16/11/2017 Updated: 04/02/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

Vulnerable Product

procmail procmail 3.22

Vendor Advisories

Synopsis Important: procmail security update Type/Severity Security Advisory: Important Topic An update for procmail is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Debian Bug report logs - #876511 formail: CVE-2017-16844: heap-based buffer overflow in loadbuf() Package: procmail; Maintainer for procmail is Santiago Vila <sanvila@debian.org>; Source for procmail is src:procmail (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@jwilk.net> Date: Sat, 23 Sep 2017 02:03:02 UTC S ...
formail could be made to crash or run programs if it processed specially crafted mail ...
Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss. For the oldstable distribution (jessie), this problem has been fixed in version 3.22-24+deb8u1 ...
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844) ...
A heap-based buffer overflow flaw was found in the loadbuf function in formisc.c in the formail utility in procmail <= 3.22 because of a hardcoded realloc size. When the buffer is too small, the function tries to resize it, but only by Bsize (=128) bytes, which is not necessarily enough. A remote attacker could send a specially crafted email that ...
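The root cause the last advisory describes, a buffer that is grown by a fixed 128-byte step instead of by the amount the pending copy actually needs, is the kind of defect a code reviewer can spot by inspecting the realloc size arithmetic. The following is an added example, written for this page and not procmail's own loadbuf code: the `struct buf`, the function names, and the test driver are constructed here; only the 128-byte constant is taken from the advisory. `append_fixed_growth` reproduces the flawed growth rule but, rather than writing past the allocation, refuses the append whenever the fixed step would leave too little room, so the failure mode can be observed safely. `append_required_growth` shows the corrected rule: compute the capacity the copy requires and grow to at least that.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BSIZE 128  /* fixed growth step; the advisory names Bsize (=128) as the hardcoded size */

/* Constructed growable buffer (not procmail's type). */
struct buf {
    char *data;   /* heap storage */
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
};

/* Flawed growth rule: when the buffer is too small, enlarge it by exactly
 * BSIZE bytes regardless of how many bytes the copy needs. In place of the
 * out-of-bounds write that the original pattern would perform, this version
 * detects the shortfall and returns -1. */
static int append_fixed_growth(struct buf *b, const char *src, size_t n)
{
    if (n > SIZE_MAX - b->len)
        return -1;                       /* size arithmetic would wrap */
    if (b->len + n > b->cap) {
        size_t newcap = b->cap + BSIZE;  /* grows by a constant, not by need */
        if (b->len + n > newcap)
            return -1;                   /* the fixed step is not enough: overflow point */
        char *p = realloc(b->data, newcap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = newcap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Corrected growth rule: derive the required capacity from len + n and grow
 * to at least that, doubling so repeated appends stay cheap. */
static int append_required_growth(struct buf *b, const char *src, size_t n)
{
    if (n > SIZE_MAX - b->len)
        return -1;                       /* size arithmetic would wrap */
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t newcap = b->cap ? b->cap : BSIZE;
        while (newcap < need) {
            if (newcap > SIZE_MAX / 2) { newcap = need; break; }
            newcap *= 2;
        }
        char *p = realloc(b->data, newcap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = newcap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

typedef int (*append_fn)(struct buf *, const char *, size_t);

/* Constructed driver: start from an empty BSIZE-byte buffer and feed it one
 * header line of header_len 'A' bytes. Returns 0 if the append succeeded and
 * every byte landed in the buffer, -1 if the growth rule refused. */
static int load_header(append_fn append, size_t header_len)
{
    struct buf b = { malloc(BSIZE), 0, BSIZE };
    char *hdr = malloc(header_len);
    int rc = -1;
    if (b.data != NULL && hdr != NULL) {
        memset(hdr, 'A', header_len);
        rc = append(&b, hdr, header_len);
        if (rc == 0 && b.len != header_len)
            rc = -1;
    }
    free(hdr);
    free(b.data);
    return rc;
}

int main(void)
{
    /* A 200-byte line fits after one fixed step (128 + 128); a 300-byte line does not. */
    printf("fixed growth,    200-byte header: %s\n",
           load_header(append_fixed_growth, 200) == 0 ? "ok" : "refused (would overflow)");
    printf("fixed growth,    300-byte header: %s\n",
           load_header(append_fixed_growth, 300) == 0 ? "ok" : "refused (would overflow)");
    printf("required growth, 300-byte header: %s\n",
           load_header(append_required_growth, 300) == 0 ? "ok" : "refused");
    return 0;
}
```

The check to carry into review of any similar code is the one on the line that computes `newcap`: if the new capacity is derived from a constant rather than from the length of the data about to be copied, a single input longer than that constant defeats it. Building with AddressSanitizer and running the program on long header lines is the quickest way to confirm whether a real implementation has this property.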