CVE-2024-4140
HIGH
Email-MIME < 1.954 - Denial of Service via Excessive Memory Use in MIME Message Parsing
Title source: llm
Description
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
References (12)
Core References
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/
Issue Tracking issue-tracking
https://github.com/rjbs/Email-MIME/issues/66
Issue Tracking issue-tracking
https://github.com/rjbs/Email-MIME/pull/80
Mailing List issue-tracking
https://bugs.debian.org/960062
Third Party Advisory issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-4140
Scores
CVSS v3
7.5
EPSS
0.0113
EPSS Percentile
62.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (3)
fedoraproject/fedora
39
fedoraproject/fedora
40
rjbs/email-mime
< 1.954
Published
May 02, 2024
Tracked Since
Feb 18, 2026