CVE-2017-16844

Public on 2017-11-16
Modified on 2018-09-19
Description
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.
Severity
Important severity
Important
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 procmail 2018-09-19 ALAS-2018-1084 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H