Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 638112 (CVE-2017-16844)

Summary: mail-filter/procmail: Buffer Overflow leading to DoS
Product: Gentoo Security Reporter: Francis Booth <boothf>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: net-mail+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
Whiteboard: B3 [ebuild cve]
Package list:
Runtime testing required: ---

Description Francis Booth 2017-11-19 10:06:07 UTC 
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

~ eleix (Security Padawan)

Reproducible: Didn't try
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-03-23 23:51:12 UTC 

*** This bug has been marked as a duplicate of bug 638108 ***