CVE-2017-16844

Summary

CVE	CVE-2017-16844
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-11-16 15:29:00 UTC
Updated	2018-02-04 02:29:00 UTC
Description	Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Procmail	Procmail	3.22	All	All	All
Application	Procmail	Procmail	3.22	All	All	All

References

Reference	Source	Link	Tags
#876511 - formail: CVE-2017-16844: heap-based buffer overflow in loadbuf() - Debian Bug report logs	MISC	bugs.debian.org	Issue Tracking, Third Party Advisory
Procmail Buffer Overflow in formail loadbuf() Lets Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Debian -- Security Information -- DSA-4041-1 procmail	DEBIAN	www.debian.org	Third Party Advisory
[SECURITY] [DLA 1173-1] procmail security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378278 Virtuozzo Linux Security Update for procmail (VZLSA-2017:3269)
901165 Common Base Linux Mariner (CBL-Mariner) Security Update for procmail (7332-1)
901554 Common Base Linux Mariner (CBL-Mariner) Security Update for procmail (6803-1)