Lucene search

[email protected]CVE-2002-2034

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2034

2022-10-0316:23:50

[email protected]

web.nvd.nist.gov

email sanitizer

procmail

remote attackers

mail filter bypass

arbitrary code execution

crafted attachments

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.

Affected configurations

NVD

Node

john_hardinprocmail_email_sanitizerMatch1.131

john_hardinprocmail_email_sanitizerMatch1.132

CPENameOperatorVersion
john_hardin:procmail_email_sanitizerjohn hardin procmail email sanitizereq1.131
john_hardin:procmail_email_sanitizerjohn hardin procmail email sanitizereq1.132

CPE	Name	Operator	Version
john_hardin:procmail_email_sanitizer	john hardin procmail email sanitizer	eq	1.131
john_hardin:procmail_email_sanitizer	john hardin procmail email sanitizer	eq	1.132

References

www.impsec.org/email-tools/sanitizer-changelog.html

www.iss.net/security_center/static/7847.php

www.securityfocus.com/bid/3820

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2002-2034

nvd1 cvelist1