Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-16844 (GCVE-0-2017-16844)
Vulnerability from cvelistv5 – Published: 2017-11-16 15:00 – Updated: 2024-08-05 20:35
VLAI?
EPSS
Summary
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:21.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
},
{
"name": "RHSA-2017:3269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"name": "DSA-4041",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4041"
},
{
"name": "1039844",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
},
{
"name": "RHSA-2017:3269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"name": "DSA-4041",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4041"
},
{
"name": "1039844",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
},
{
"name": "RHSA-2017:3269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"name": "DSA-4041",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4041"
},
{
"name": "1039844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16844",
"datePublished": "2017-11-16T15:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T20:35:21.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:procmail:procmail:3.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8D9766A-7700-4D2D-9E4B-6C515230B6C8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en memoria din\\u00e1mica (heap) en la funci\\u00f3n loadbuf en formisc.c en formail en la versi\\u00f3n 3.22 de procmail permite que atacantes remotos provoquen una denegaci\\u00f3n de servicio (cierre inesperado de aplicaci\\u00f3n) o, posiblemente, ejecuten c\\u00f3digo arbitrario mediante un mensaje de email manipulado debido a un tama\\u00f1o de realloc embebido. Esta es una vulnerabilidad diferente de CVE-2014-3618.\"}]",
"id": "CVE-2017-16844",
"lastModified": "2024-11-21T03:17:04.927",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-11-16T15:29:00.510",
"references": "[{\"url\": \"http://www.securitytracker.com/id/1039844\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3269\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2017/dsa-4041\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1039844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2017/dsa-4041\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-16844\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-11-16T15:29:00.510\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n loadbuf en formisc.c en formail en la versi\u00f3n 3.22 de procmail permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de aplicaci\u00f3n) o, posiblemente, ejecuten c\u00f3digo arbitrario mediante un mensaje de email manipulado debido a un tama\u00f1o de realloc embebido. Esta es una vulnerabilidad diferente de CVE-2014-3618.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:procmail:procmail:3.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8D9766A-7700-4D2D-9E4B-6C515230B6C8\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1039844\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3269\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2017/dsa-4041\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1039844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2017/dsa-4041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GSD-2017-16844
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-16844",
"description": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",
"id": "GSD-2017-16844",
"references": [
"https://www.suse.com/security/cve/CVE-2017-16844.html",
"https://www.debian.org/security/2017/dsa-4041",
"https://access.redhat.com/errata/RHSA-2017:3269",
"https://ubuntu.com/security/CVE-2017-16844",
"https://security.archlinux.org/CVE-2017-16844",
"https://alas.aws.amazon.com/cve/html/CVE-2017-16844.html",
"https://linux.oracle.com/cve/CVE-2017-16844.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-16844"
],
"details": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",
"id": "GSD-2017-16844",
"modified": "2023-12-13T01:21:01.126151Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
},
{
"name": "RHSA-2017:3269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"name": "DSA-4041",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4041"
},
{
"name": "1039844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039844"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:procmail:procmail:3.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16844"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"name": "DSA-4041",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4041"
},
{
"name": "1039844",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039844"
},
{
"name": "RHSA-2017:3269",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1173-1] procmail security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-02-04T02:29Z",
"publishedDate": "2017-11-16T15:29Z"
}
}
}
FKIE_CVE-2017-16844
Vulnerability from fkie_nvd - Published: 2017-11-16 15:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1039844 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:3269 | Third Party Advisory | |
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html | ||
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4041 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039844 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3269 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4041 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:procmail:procmail:3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D9766A-7700-4D2D-9E4B-6C515230B6C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n loadbuf en formisc.c en formail en la versi\u00f3n 3.22 de procmail permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de aplicaci\u00f3n) o, posiblemente, ejecuten c\u00f3digo arbitrario mediante un mensaje de email manipulado debido a un tama\u00f1o de realloc embebido. Esta es una vulnerabilidad diferente de CVE-2014-3618."
}
],
"id": "CVE-2017-16844",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-16T15:29:00.510",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039844"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4041"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2017_3269
Vulnerability from csaf_redhat - Published: 2017-11-28 22:02 - Updated: 2024-11-22 11:39Summary
Red Hat Security Advisory: procmail security update
Notes
Topic
An update for procmail is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail.
Security Fix(es):
* A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procmail is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail.\n\nSecurity Fix(es):\n\n* A heap-based buffer overflow flaw was found in procmail\u0027s formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3269",
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1500070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500070"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3269.json"
}
],
"title": "Red Hat Security Advisory: procmail security update",
"tracking": {
"current_release_date": "2024-11-22T11:39:52+00:00",
"generator": {
"date": "2024-11-22T11:39:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2017:3269",
"initial_release_date": "2017-11-28T22:02:16+00:00",
"revision_history": [
{
"date": "2017-11-28T22:02:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-28T22:02:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T11:39:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.x86_64",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64",
"product_id": "procmail-0:3.22-36.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.src",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.src",
"product_id": "procmail-0:3.22-36.el7_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.s390x",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.s390x",
"product_id": "procmail-0:3.22-36.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.ppc64",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64",
"product_id": "procmail-0:3.22-36.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.ppc64le",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le",
"product_id": "procmail-0:3.22-36.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.aarch64",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64",
"product_id": "procmail-0:3.22-36.el7_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16844",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-09-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1500070"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in procmail\u0027s formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procmail: Heap-based buffer overflow in loadbuf function in formisc.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16844"
},
{
"category": "external",
"summary": "RHBZ#1500070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16844",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16844"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16844",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16844"
}
],
"release_date": "2017-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-28T22:02:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procmail: Heap-based buffer overflow in loadbuf function in formisc.c"
}
]
}
RHSA-2017:3269
Vulnerability from csaf_redhat - Published: 2017-11-28 22:02 - Updated: 2025-11-21 18:02Summary
Red Hat Security Advisory: procmail security update
Notes
Topic
An update for procmail is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail.
Security Fix(es):
* A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procmail is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail.\n\nSecurity Fix(es):\n\n* A heap-based buffer overflow flaw was found in procmail\u0027s formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3269",
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1500070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500070"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3269.json"
}
],
"title": "Red Hat Security Advisory: procmail security update",
"tracking": {
"current_release_date": "2025-11-21T18:02:57+00:00",
"generator": {
"date": "2025-11-21T18:02:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2017:3269",
"initial_release_date": "2017-11-28T22:02:16+00:00",
"revision_history": [
{
"date": "2017-11-28T22:02:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-28T22:02:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:02:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.x86_64",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64",
"product_id": "procmail-0:3.22-36.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.src",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.src",
"product_id": "procmail-0:3.22-36.el7_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.s390x",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.s390x",
"product_id": "procmail-0:3.22-36.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.ppc64",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64",
"product_id": "procmail-0:3.22-36.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.ppc64le",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le",
"product_id": "procmail-0:3.22-36.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"product": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"product_id": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail-debuginfo@3.22-36.el7_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "procmail-0:3.22-36.el7_4.1.aarch64",
"product": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64",
"product_id": "procmail-0:3.22-36.el7_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procmail@3.22-36.el7_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.src",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
},
"product_reference": "procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16844",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-09-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1500070"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in procmail\u0027s formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procmail: Heap-based buffer overflow in loadbuf function in formisc.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16844"
},
{
"category": "external",
"summary": "RHBZ#1500070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16844",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16844"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16844",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16844"
}
],
"release_date": "2017-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-28T22:02:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Client-optional-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Client-optional-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Server-Alt-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Server-Alt-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.src",
"7Workstation-7.4.Z:procmail-0:3.22-36.el7_4.1.x86_64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.aarch64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.ppc64le",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.s390x",
"7Workstation-7.4.Z:procmail-debuginfo-0:3.22-36.el7_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procmail: Heap-based buffer overflow in loadbuf function in formisc.c"
}
]
}
MSRC_CVE-2017-16844
Vulnerability from csaf_microsoft - Published: 2017-11-02 00:00 - Updated: 2024-06-30 07:00Summary
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size a different vulnerability than CVE-2014-3618.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2017-16844 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size a different vulnerability than CVE-2014-3618. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-16844.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size a different vulnerability than CVE-2014-3618.",
"tracking": {
"current_release_date": "2024-06-30T07:00:00.000Z",
"generator": {
"date": "2025-10-19T17:12:48.111Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2017-16844",
"initial_release_date": "2017-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 procmail 3.22-53",
"product": {
"name": "\u003cazl3 procmail 3.22-53",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 procmail 3.22-53",
"product": {
"name": "azl3 procmail 3.22-53",
"product_id": "16903"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 procmail 3.22-53",
"product": {
"name": "\u003ccbl2 procmail 3.22-53",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 procmail 3.22-53",
"product": {
"name": "cbl2 procmail 3.22-53",
"product_id": "16902"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 procmail 3.22-53",
"product": {
"name": "\u003cazl3 procmail 3.22-53",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 procmail 3.22-53",
"product": {
"name": "azl3 procmail 3.22-53",
"product_id": "16903"
}
}
],
"category": "product_name",
"name": "procmail"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 procmail 3.22-53 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 procmail 3.22-53 as a component of Azure Linux 3.0",
"product_id": "16903-17084"
},
"product_reference": "16903",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 procmail 3.22-53 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 procmail 3.22-53 as a component of CBL Mariner 2.0",
"product_id": "16902-17086"
},
"product_reference": "16902",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 procmail 3.22-53 as a component of Azure Linux 3.0",
"product_id": "16817-2"
},
"product_reference": "2",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 procmail 3.22-53 as a component of Azure Linux 3.0",
"product_id": "16903-16817"
},
"product_reference": "16903",
"relates_to_product_reference": "16817"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16844",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16903-17084",
"16902-17086",
"16903-16817"
],
"known_affected": [
"17084-1",
"17086-3",
"16817-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2017-16844 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size a different vulnerability than CVE-2014-3618. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-16844.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-12-16T00:00:00.000Z",
"details": "3.22-53:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"17086-3",
"16817-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17086-3",
"16817-2"
]
}
],
"title": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size a different vulnerability than CVE-2014-3618."
}
]
}
SUSE-SU-2017:3231-1
Vulnerability from csaf_suse - Published: 2017-12-07 14:27 - Updated: 2017-12-07 14:27Summary
Security update for procmail
Notes
Title of the patch
Security update for procmail
Description of the patch
This update for procmail fixes the following issues:
Security issue fixed:
- CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. (bnc#1068648)
Patchnames
slessp4-procmail-13368
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procmail",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for procmail fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2017-16844: Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. (bnc#1068648)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-procmail-13368",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3231-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3231-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173231-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3231-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003477.html"
},
{
"category": "self",
"summary": "SUSE Bug 1068648",
"url": "https://bugzilla.suse.com/1068648"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16844 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16844/"
}
],
"title": "Security update for procmail",
"tracking": {
"current_release_date": "2017-12-07T14:27:27Z",
"generator": {
"date": "2017-12-07T14:27:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3231-1",
"initial_release_date": "2017-12-07T14:27:27Z",
"revision_history": [
{
"date": "2017-12-07T14:27:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-240.8.3.1.i586",
"product": {
"name": "procmail-3.22-240.8.3.1.i586",
"product_id": "procmail-3.22-240.8.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-240.8.3.1.ia64",
"product": {
"name": "procmail-3.22-240.8.3.1.ia64",
"product_id": "procmail-3.22-240.8.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-240.8.3.1.ppc64",
"product": {
"name": "procmail-3.22-240.8.3.1.ppc64",
"product_id": "procmail-3.22-240.8.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-240.8.3.1.s390x",
"product": {
"name": "procmail-3.22-240.8.3.1.s390x",
"product_id": "procmail-3.22-240.8.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-240.8.3.1.x86_64",
"product": {
"name": "procmail-3.22-240.8.3.1.x86_64",
"product_id": "procmail-3.22-240.8.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.i586"
},
"product_reference": "procmail-3.22-240.8.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ia64"
},
"product_reference": "procmail-3.22-240.8.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ppc64"
},
"product_reference": "procmail-3.22-240.8.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.s390x"
},
"product_reference": "procmail-3.22-240.8.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.x86_64"
},
"product_reference": "procmail-3.22-240.8.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.i586"
},
"product_reference": "procmail-3.22-240.8.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ia64"
},
"product_reference": "procmail-3.22-240.8.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ppc64"
},
"product_reference": "procmail-3.22-240.8.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.s390x"
},
"product_reference": "procmail-3.22-240.8.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-240.8.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.x86_64"
},
"product_reference": "procmail-3.22-240.8.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16844"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16844",
"url": "https://www.suse.com/security/cve/CVE-2017-16844"
},
{
"category": "external",
"summary": "SUSE Bug 1068648 for CVE-2017-16844",
"url": "https://bugzilla.suse.com/1068648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procmail-3.22-240.8.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procmail-3.22-240.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-07T14:27:27Z",
"details": "moderate"
}
],
"title": "CVE-2017-16844"
}
]
}
SUSE-SU-2018:0173-1
Vulnerability from csaf_suse - Published: 2018-01-22 12:38 - Updated: 2018-01-22 12:38Summary
Security update for procmail
Notes
Title of the patch
Security update for procmail
Description of the patch
This update for procmail fixes the following issues:
- CVE-2017-16844: Heap-based buffer overflow in loadbuf function could lead to remote denial of service (bsc#1068648)
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2018-118,SUSE-SLE-DESKTOP-12-SP3-2018-118,SUSE-SLE-RPI-12-SP2-2018-118,SUSE-SLE-SERVER-12-SP2-2018-118,SUSE-SLE-SERVER-12-SP3-2018-118
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procmail",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for procmail fixes the following issues:\n\n- CVE-2017-16844: Heap-based buffer overflow in loadbuf function could lead to remote denial of service (bsc#1068648)\n \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2018-118,SUSE-SLE-DESKTOP-12-SP3-2018-118,SUSE-SLE-RPI-12-SP2-2018-118,SUSE-SLE-SERVER-12-SP2-2018-118,SUSE-SLE-SERVER-12-SP3-2018-118",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0173-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0173-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180173-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0173-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-January/003618.html"
},
{
"category": "self",
"summary": "SUSE Bug 1068648",
"url": "https://bugzilla.suse.com/1068648"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16844 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16844/"
}
],
"title": "Security update for procmail",
"tracking": {
"current_release_date": "2018-01-22T12:38:00Z",
"generator": {
"date": "2018-01-22T12:38:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0173-1",
"initial_release_date": "2018-01-22T12:38:00Z",
"revision_history": [
{
"date": "2018-01-22T12:38:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-269.3.5.aarch64",
"product": {
"name": "procmail-3.22-269.3.5.aarch64",
"product_id": "procmail-3.22-269.3.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-269.3.5.ppc64le",
"product": {
"name": "procmail-3.22-269.3.5.ppc64le",
"product_id": "procmail-3.22-269.3.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-269.3.5.s390x",
"product": {
"name": "procmail-3.22-269.3.5.s390x",
"product_id": "procmail-3.22-269.3.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-269.3.5.x86_64",
"product": {
"name": "procmail-3.22-269.3.5.x86_64",
"product_id": "procmail-3.22-269.3.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:procmail-3.22-269.3.5.x86_64"
},
"product_reference": "procmail-3.22-269.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:procmail-3.22-269.3.5.x86_64"
},
"product_reference": "procmail-3.22-269.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:procmail-3.22-269.3.5.aarch64"
},
"product_reference": "procmail-3.22-269.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.aarch64"
},
"product_reference": "procmail-3.22-269.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.ppc64le"
},
"product_reference": "procmail-3.22-269.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.s390x"
},
"product_reference": "procmail-3.22-269.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.x86_64"
},
"product_reference": "procmail-3.22-269.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.aarch64"
},
"product_reference": "procmail-3.22-269.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.ppc64le"
},
"product_reference": "procmail-3.22-269.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.s390x"
},
"product_reference": "procmail-3.22-269.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.x86_64"
},
"product_reference": "procmail-3.22-269.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.aarch64"
},
"product_reference": "procmail-3.22-269.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.ppc64le"
},
"product_reference": "procmail-3.22-269.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.s390x"
},
"product_reference": "procmail-3.22-269.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.x86_64"
},
"product_reference": "procmail-3.22-269.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.aarch64"
},
"product_reference": "procmail-3.22-269.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.ppc64le"
},
"product_reference": "procmail-3.22-269.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.s390x"
},
"product_reference": "procmail-3.22-269.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-269.3.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.x86_64"
},
"product_reference": "procmail-3.22-269.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16844"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16844",
"url": "https://www.suse.com/security/cve/CVE-2017-16844"
},
{
"category": "external",
"summary": "SUSE Bug 1068648 for CVE-2017-16844",
"url": "https://bugzilla.suse.com/1068648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP3:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:procmail-3.22-269.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procmail-3.22-269.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-22T12:38:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16844"
}
]
}
CNVD-2017-34805
Vulnerability from cnvd - Published: 2017-11-22
VLAI Severity ?
Title
procmail堆缓冲区溢出漏洞
Description
procmail是一套邮件管理工具。该工具支持过滤和排序邮件,创建邮件服务器、邮件列表等。
procmail 3.22版本中的formail的formisc.c文件的‘loadbuf’函数存在堆缓冲区溢出漏洞。远程攻击者可借助特制的e-mail消息利用该漏洞造成拒绝服务(应用程序崩溃)。
Severity
中
Patch Name
procmail堆缓冲区溢出漏洞的补丁
Patch Description
procmail是一套邮件管理工具。该工具支持过滤和排序邮件,创建邮件服务器、邮件列表等。
procmail 3.22版本中的formail的formisc.c文件的‘loadbuf’函数存在堆缓冲区溢出漏洞。远程攻击者可借助特制的e-mail消息利用该漏洞造成拒绝服务(应用程序崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: http://www.procmail.org/
Reference
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
Impacted products
| Name | Procmail Procmail 3.22 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-16844"
}
},
"description": "procmail\u662f\u4e00\u5957\u90ae\u4ef6\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u652f\u6301\u8fc7\u6ee4\u548c\u6392\u5e8f\u90ae\u4ef6\uff0c\u521b\u5efa\u90ae\u4ef6\u670d\u52a1\u5668\u3001\u90ae\u4ef6\u5217\u8868\u7b49\u3002\r\n\r\nprocmail 3.22\u7248\u672c\u4e2d\u7684formail\u7684formisc.c\u6587\u4ef6\u7684\u2018loadbuf\u2019\u51fd\u6570\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684e-mail\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002",
"discovererName": "Jakub Wilk \u003cjwilk@jwilk.net\u003e",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.procmail.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-34805",
"openTime": "2017-11-22",
"patchDescription": "procmail\u662f\u4e00\u5957\u90ae\u4ef6\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u652f\u6301\u8fc7\u6ee4\u548c\u6392\u5e8f\u90ae\u4ef6\uff0c\u521b\u5efa\u90ae\u4ef6\u670d\u52a1\u5668\u3001\u90ae\u4ef6\u5217\u8868\u7b49\u3002\r\n\r\nprocmail 3.22\u7248\u672c\u4e2d\u7684formail\u7684formisc.c\u6587\u4ef6\u7684\u2018loadbuf\u2019\u51fd\u6570\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684e-mail\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "procmail\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Procmail Procmail 3.22"
},
"referenceLink": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511",
"serverity": "\u4e2d",
"submitTime": "2017-11-20",
"title": "procmail\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
OPENSUSE-SU-2024:11194-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
procmail-3.22-277.3 on GA media
Notes
Title of the patch
procmail-3.22-277.3 on GA media
Description of the patch
These are all security issues fixed in the procmail-3.22-277.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11194
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "procmail-3.22-277.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the procmail-3.22-277.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11194",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11194-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16844 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16844/"
}
],
"title": "procmail-3.22-277.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11194-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-277.3.aarch64",
"product": {
"name": "procmail-3.22-277.3.aarch64",
"product_id": "procmail-3.22-277.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-277.3.ppc64le",
"product": {
"name": "procmail-3.22-277.3.ppc64le",
"product_id": "procmail-3.22-277.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-277.3.s390x",
"product": {
"name": "procmail-3.22-277.3.s390x",
"product_id": "procmail-3.22-277.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procmail-3.22-277.3.x86_64",
"product": {
"name": "procmail-3.22-277.3.x86_64",
"product_id": "procmail-3.22-277.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-277.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procmail-3.22-277.3.aarch64"
},
"product_reference": "procmail-3.22-277.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-277.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procmail-3.22-277.3.ppc64le"
},
"product_reference": "procmail-3.22-277.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-277.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procmail-3.22-277.3.s390x"
},
"product_reference": "procmail-3.22-277.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procmail-3.22-277.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procmail-3.22-277.3.x86_64"
},
"product_reference": "procmail-3.22-277.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16844"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:procmail-3.22-277.3.aarch64",
"openSUSE Tumbleweed:procmail-3.22-277.3.ppc64le",
"openSUSE Tumbleweed:procmail-3.22-277.3.s390x",
"openSUSE Tumbleweed:procmail-3.22-277.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16844",
"url": "https://www.suse.com/security/cve/CVE-2017-16844"
},
{
"category": "external",
"summary": "SUSE Bug 1068648 for CVE-2017-16844",
"url": "https://bugzilla.suse.com/1068648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:procmail-3.22-277.3.aarch64",
"openSUSE Tumbleweed:procmail-3.22-277.3.ppc64le",
"openSUSE Tumbleweed:procmail-3.22-277.3.s390x",
"openSUSE Tumbleweed:procmail-3.22-277.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:procmail-3.22-277.3.aarch64",
"openSUSE Tumbleweed:procmail-3.22-277.3.ppc64le",
"openSUSE Tumbleweed:procmail-3.22-277.3.s390x",
"openSUSE Tumbleweed:procmail-3.22-277.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16844"
}
]
}
GHSA-4F62-C8FW-44PP
Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2022-05-14 03:46
VLAI?
Details
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2017-16844"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-16T15:29:00Z",
"severity": "CRITICAL"
},
"details": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",
"id": "GHSA-4f62-c8fw-44pp",
"modified": "2022-05-14T03:46:33Z",
"published": "2022-05-14T03:46:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16844"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3269"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4041"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039844"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…