CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 14.2%
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
An excessive memory use issue (CWE-770) exists in Email-MIME before version 1.954. It can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
[
  {
    "cpes": [
      "cpe:2.3:a:rjbs:email_mime:1.954:*:*:*:*:*:*:*"
    ],
    "vendor": "rjbs",
    "product": "email_mime",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.954",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
bugs.debian.org/960062
github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2
github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8
github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531
github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2d
github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1
github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63
github.com/rjbs/Email-MIME/issues/66
github.com/rjbs/Email-MIME/pull/80
lists.fedoraproject.org/archives/list/[email protected]/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
lists.fedoraproject.org/archives/list/[email protected]/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/
www.cve.org/CVERecord?id=CVE-2024-4140