CVE-2014-7844

HIGH

Red Hat Enterprise Linux - Remote Code Execution via Crafted Email Address


Description

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

References (5)

Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://seclists.org/oss-sec/2014/q4/1066
Third Party Advisory x_refsource_misc
http://linux.oracle.com/errata/ELSA-2014-1999.html
Third Party Advisory x_refsource_misc
http://www.debian.org/security/2014/dsa-3104
Third Party Advisory x_refsource_misc
http://www.debian.org/security/2014/dsa-3105
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2014-1999.html

Scores

CVSS v3 7.8
EPSS 0.0155
EPSS Percentile 72.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (24)
bsd_mailx_project/bsd_mailx 8.1.2
debian/debian_linux 7.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 6.6
redhat/enterprise_linux_server_aus 7.3
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_aus 7.6
... and 14 more
Published Jan 14, 2020
Tracked Since Feb 18, 2026