Bug 1165717 - procmail: memory corruption in formail
Summary: procmail: memory corruption in formail
Keywords:
Status: CLOSED DUPLICATE of bug 1137581
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1137582 1165723
Blocks: 1165720
 
Reported: 2014-11-19 14:30 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:24 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-11-25 15:06:58 UTC
Embargoed:


Attachments
Example data that crashes formail (217 bytes, application/x-gzip)
2014-11-19 14:34 UTC, Vasyl Kaigorodov

Description Vasyl Kaigorodov 2014-11-19 14:30:57 UTC
It was reported [1] that specially crafted data crashes formail.
See examples attached to this Bugzilla.

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769937

Comment 1 Vasyl Kaigorodov 2014-11-19 14:34:02 UTC
Created attachment 958985
Example data that crashes formail

Comment 2 Vasyl Kaigorodov 2014-11-19 14:34:26 UTC
Created procmail tracking bugs for this issue:

Affects: fedora-all [bug 1165723]

Comment 3 Jaroslav Škarvada 2014-11-20 14:06:46 UTC
(In reply to Vasyl Kaigorodov from comment #0)
> It was reported [1] that specially crafted data crashes formail.

Where was it reported? There is no [1] link in this bug report.

How to reproduce it with the attached files? I am unable to reproduce it on F20 (procmail-3.22-36.fc20.x86_64) by simply running formail on these files.

Isn't this the same as CVE-2014-3618?

Comment 4 Vasyl Kaigorodov 2014-11-25 15:06:58 UTC
(In reply to Jaroslav Škarvada from comment #3)
> (In reply to Vasyl Kaigorodov from comment #0)
> > It was reported [1] that specially crafted data crashes formail.
> 
> Where was it reported? There is no [1] link in this bug report.
> 
> How to reproduce it with the attached files? I am unable to reproduce it on
> F20 (procmail-3.22-36.fc20.x86_64) by simply running formail on these files.
> 
> Isn't this the same as CVE-2014-3618?

Looks like you're right, it looks like the same issue, sorry for the noise.
Going to close/duplicate this.

*** This bug has been marked as a duplicate of bug 1137581 ***

