Vulnerability Details CVE-2024-4140
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.4%
CVSS Severity
CVSS v3 Score 7.5
References
- https://bugs.debian.org/960062
- https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2
- https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8
- https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531
- https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d
- https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1
- https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63
- https://github.com/rjbs/Email-MIME/issues/66
- https://github.com/rjbs/Email-MIME/pull/80
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/
- https://www.cve.org/CVERecord?id=CVE-2024-4140
- https://bugs.debian.org/960062
- https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2
- https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8
- https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531
- https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d
- https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1
- https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63
- https://github.com/rjbs/Email-MIME/issues/66
- https://github.com/rjbs/Email-MIME/pull/80
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/
- https://www.cve.org/CVERecord?id=CVE-2024-4140
Products affected by CVE-2024-4140
-
cpe:2.3:a:rjbs:email-mime:1.85
-
cpe:2.3:a:rjbs:email-mime:1.851
-
cpe:2.3:a:rjbs:email-mime:1.852
-
cpe:2.3:a:rjbs:email-mime:1.853
-
cpe:2.3:a:rjbs:email-mime:1.854
-
cpe:2.3:a:rjbs:email-mime:1.855
-
cpe:2.3:a:rjbs:email-mime:1.856
-
cpe:2.3:a:rjbs:email-mime:1.857
-
cpe:2.3:a:rjbs:email-mime:1.858
-
cpe:2.3:a:rjbs:email-mime:1.859
-
cpe:2.3:a:rjbs:email-mime:1.860
-
cpe:2.3:a:rjbs:email-mime:1.862
-
cpe:2.3:a:rjbs:email-mime:1.863
-
cpe:2.3:a:rjbs:email-mime:1.900
-
cpe:2.3:a:rjbs:email-mime:1.901
-
cpe:2.3:a:rjbs:email-mime:1.902
-
cpe:2.3:a:rjbs:email-mime:1.903
-
cpe:2.3:a:rjbs:email-mime:1.904
-
cpe:2.3:a:rjbs:email-mime:1.905
-
cpe:2.3:a:rjbs:email-mime:1.906
-
cpe:2.3:a:rjbs:email-mime:1.907
-
cpe:2.3:a:rjbs:email-mime:1.908
-
cpe:2.3:a:rjbs:email-mime:1.909
-
cpe:2.3:a:rjbs:email-mime:1.910
-
cpe:2.3:a:rjbs:email-mime:1.911
-
cpe:2.3:a:rjbs:email-mime:1.912_01
-
cpe:2.3:a:rjbs:email-mime:1.920
-
cpe:2.3:a:rjbs:email-mime:1.921
-
cpe:2.3:a:rjbs:email-mime:1.922
-
cpe:2.3:a:rjbs:email-mime:1.923
-
cpe:2.3:a:rjbs:email-mime:1.924
-
cpe:2.3:a:rjbs:email-mime:1.925
-
cpe:2.3:a:rjbs:email-mime:1.926
-
cpe:2.3:a:rjbs:email-mime:1.927
-
cpe:2.3:a:rjbs:email-mime:1.928
-
cpe:2.3:a:rjbs:email-mime:1.929
-
cpe:2.3:a:rjbs:email-mime:1.930
-
cpe:2.3:a:rjbs:email-mime:1.931
-
cpe:2.3:a:rjbs:email-mime:1.932
-
cpe:2.3:a:rjbs:email-mime:1.933
-
cpe:2.3:a:rjbs:email-mime:1.934
-
cpe:2.3:a:rjbs:email-mime:1.935
-
cpe:2.3:a:rjbs:email-mime:1.936
-
cpe:2.3:a:rjbs:email-mime:1.937
-
cpe:2.3:a:rjbs:email-mime:1.938
-
cpe:2.3:a:rjbs:email-mime:1.939
-
cpe:2.3:a:rjbs:email-mime:1.940
-
cpe:2.3:a:rjbs:email-mime:1.941
-
cpe:2.3:a:rjbs:email-mime:1.942
-
cpe:2.3:a:rjbs:email-mime:1.943
-
cpe:2.3:a:rjbs:email-mime:1.944
-
cpe:2.3:a:rjbs:email-mime:1.945
-
cpe:2.3:a:rjbs:email-mime:1.946
-
cpe:2.3:a:rjbs:email-mime:1.947
-
cpe:2.3:a:rjbs:email-mime:1.948
-
cpe:2.3:a:rjbs:email-mime:1.949
-
cpe:2.3:a:rjbs:email-mime:1.950
-
cpe:2.3:a:rjbs:email-mime:1.951
-
cpe:2.3:a:rjbs:email-mime:1.952
-
cpe:2.3:a:rjbs:email-mime:1.953
-
cpe:2.3:o:fedoraproject:fedora:39
-
cpe:2.3:o:fedoraproject:fedora:40