CVE-2024-4140
HIGH
Rjbs Email-mime < 1.954 - Resource Allocation Without Limits
Title source: ruleDescription
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
References (12)
Core References
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/
Issue Tracking
https://github.com/rjbs/Email-MIME/issues/66
Issue Tracking
https://github.com/rjbs/Email-MIME/pull/80
Mailing List issue-tracking
https://bugs.debian.org/960062
Third Party Advisory issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-4140
Scores
CVSS v3
7.5
EPSS
0.0028
EPSS Percentile
51.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (3)
fedoraproject/fedora
39
fedoraproject/fedora
40
rjbs/email-mime
< 1.954
Published
May 02, 2024
Tracked Since
Feb 18, 2026