Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 931106 (CVE-2024-4140) - <dev-perl/Email-MIME-1.954.0: Denial of service via excessive memory consumption
Summary: <dev-perl/Email-MIME-1.954.0: Denial of service via excessive memory consumption
Status: IN_PROGRESS
Alias: CVE-2024-4140
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-03 04:09 UTC by Sam James
Modified: 2024-05-03 04:15 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-05-03 04:09:11 UTC 
"""
Changes for version 1.954 - 2024-05-02

    Fix for CVE-2024-4140: An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The fix is the new $MAX_PARTS configuration limits how many parts we will consider parsing. The default $MAX_PARTS is 100.
"""
Comment 1 Larry the Git Cow gentoo-dev 2024-05-03 04:15:03 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eab6c5d49f384dd3dce8f93f3d76359381728d59

commit eab6c5d49f384dd3dce8f93f3d76359381728d59
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-05-03 04:08:44 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-03 04:09:47 +0000

    dev-perl/Email-MIME: add 1.954.0
    
    Bug: https://bugs.gentoo.org/931106
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-perl/Email-MIME/Email-MIME-1.954.0.ebuild | 36 +++++++++++++++++++++++++++
 dev-perl/Email-MIME/Manifest                  |  1 +
 2 files changed, 37 insertions(+)