CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile: 14.2%
An excessive memory use issue (CWE-770) exists in Email-MIME before version 1.954. It can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits the nesting depth and the total number of parts.
[
  {
    "packageName": "libemail-mime-perl",
    "product": "Email-MIME",
    "vendor": "rjbs",
    "repo": "https://github.com/rjbs/Email-MIME",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "1.954",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
bugs.debian.org/960062
github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2
github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8
github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531
github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d
github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1
github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63
github.com/rjbs/Email-MIME/issues/66
github.com/rjbs/Email-MIME/pull/80
lists.fedoraproject.org/archives/list/[email protected]/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
lists.fedoraproject.org/archives/list/[email protected]/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/
www.cve.org/CVERecord?id=CVE-2024-4140