CVE-2004-2771

Description

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability: 2.007

Associated Vulnerability

Vulnerability | OS Platform
heirloom-mailx security update (DSA-3105-1) heirloom-mailx_12.5-2+deb7u1_i386.deb | Linux
Mailx security update (CESA-2014:1999) mailx-12.4-8.el6_6.i686.rpm | Linux
Mailx security update (CESA-2014:1999) mailx-12.4-8.el6_6.x86_64.rpm | Linux
Mailx update (ELSA-2014-1999) mailx-12.4-8.el6_6.x86_64.rpm | Linux
Mailx update (ELSA-2014-1999) mailx-12.4-8.el6_6.i686.rpm | Linux
Improper Input Validation Vulnerability (CVE-2004-2771) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234