描述
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
AI分析AI驱动
受影响产品
rjbsemail-mime
fedoraprojectfedora
39
fedoraprojectfedora
40
参考资料
- https://bugs.debian.org/960062Mailing List
- https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2Patch
- https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8Patch
- https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531Patch
- https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2dPatch
- https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1Patch
- https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63Patch
- https://github.com/rjbs/Email-MIME/issues/66Issue Tracking
- https://github.com/rjbs/Email-MIME/pull/80Issue Tracking
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/Mailing List
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/Mailing List
- https://www.cve.org/CVERecord?id=CVE-2024-4140Third Party Advisory
- https://bugs.debian.org/960062Mailing List
- https://github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2Patch
- https://github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8Patch
- https://github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531Patch
- https://github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2dPatch
- https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1Patch
- https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63Patch
- https://github.com/rjbs/Email-MIME/issues/66Issue Tracking