CVE-2017-16844 - OpenCVE

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Procmail	Procmail
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:procmail:procmail:3.22:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
procmail-0:3.22-36.el7_4.1	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:3269	2017-11-28T00:00:00Z

References

Link	Providers
http://www.securitytracker.com/id/1039844
https://access.redhat.com/errata/RHSA-2017:3269
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html
https://nvd.nist.gov/vuln/detail/CVE-2017-16844
https://www.cve.org/CVERecord?id=CVE-2017-16844
https://www.debian.org/security/2017/dsa-4041

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-16T15:00:00

Updated: 2024-08-05T20:35:21.217Z

Reserved: 2017-11-16T00:00:00

Link: CVE-2017-16844

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-16T15:29:00.510

Modified: 2018-02-04T02:29:15.803

Link: CVE-2017-16844

Redhat

Severity : Important

Publid Date: 2017-09-22T00:00:00Z

Links: CVE-2017-16844 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"}, {"name": "RHSA-2017:3269", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3269"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"}, {"name": "DSA-4041", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4041"}, {"name": "1039844", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039844"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16844", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"}, {"name": "RHSA-2017:3269", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3269"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"}, {"name": "DSA-4041", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4041"}, {"name": "1039844", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039844"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:35:21.217Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"}, {"name": "RHSA-2017:3269", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3269"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"}, {"name": "DSA-4041", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4041"}, {"name": "1039844", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039844"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16844", "datePublished": "2017-11-16T15:00:00", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-08-05T20:35:21.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:procmail:procmail:3.22:*:*:*:*:*:*:*", "matchCriteriaId": "A8D9766A-7700-4D2D-9E4B-6C515230B6C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n loadbuf en formisc.c en formail en la versi\u00f3n 3.22 de procmail permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de aplicaci\u00f3n) o, posiblemente, ejecuten c\u00f3digo arbitrario mediante un mensaje de email manipulado debido a un tama\u00f1o de realloc embebido. Esta es una vulnerabilidad diferente de CVE-2014-3618."}], "id": "CVE-2017-16844", "lastModified": "2018-02-04T02:29:15.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-16T15:29:00.510", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039844"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3269"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4041"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:3269", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "procmail-0:3.22-36.el7_4.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-11-28T00:00:00Z"}], "bugzilla": {"description": "procmail: Heap-based buffer overflow in loadbuf function in formisc.c", "id": "1500070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500070"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.", "A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail."], "name": "CVE-2017-16844", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "procmail", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "procmail", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-09-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-16844\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16844"], "statement": "This issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Important"}