CVE-2012-4507: Null Pointer Dereference
First published: Wed Oct 03 2012(Updated: )
Description of problem: A specific mail in the user mbox file cause claws-mail to crash reliabily. Version-Release number of selected component: claws-mail-3.8.1-1.fc17 Additional info: libreport version: 2.0.14 abrt_version: 2.0.13 backtrace_rating: 4 cmdline: claws-mail crash_function: strchr kernel: 3.5.4-2.fc17.x86_64 truncated backtrace: :Thread no. 1 (10 frames) : #0 strchr at ../sysdeps/x86_64/strchr.S:33 : #1 parse_parameters at procmime.c:1756 : #2 procmime_parse_content_disposition at procmime.c:1842 : #3 procmime_parse_mimepart at procmime.c:1967 : #4 procmime_parse_multipart at procmime.c:1566 : #5 procmime_parse_mimepart at procmime.c:1994 : #6 procmime_parse_message_rfc822 at procmime.c:1393 : #7 procmime_scan_file_with_offset at procmime.c:2058 : #8 procmime_scan_file_full at procmime.c:2071 : #9 procmime_scan_file at procmime.c:2078
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Claws-Mail | =3.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620707
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620707&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620708
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620708&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620709
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620709&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620710
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620710&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620711
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620711&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620712
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620712&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620713
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620713&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620714
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620714&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620715
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620715&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620716
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620716&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620717
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=620717&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=621012&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=621012&action=edit
- http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
- http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
- http://seclists.org/oss-sec/2011/q4/3
- https://access.redhat.com/security/cve/CVE-2012-4507
- http://seclists.org/oss-sec/2012/q4/41
- http://seclists.org/oss-sec/2012/q4/45
- http://cve.mitre.org/about/faqs.html#a2
- https://admin.fedoraproject.org/updates/claws-mail-3.8.1-3.fc18
- https://admin.fedoraproject.org/updates/claws-mail-3.8.1-3.fc17
- https://admin.fedoraproject.org/updates/claws-mail-3.8.1-3.fc16
- https://admin.fedoraproject.org/updates/FEDORA-2012-16689/claws-mail-3.8.1-3.fc18
- https://bugzilla.redhat.com/show_bug.cgi?id=862578
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00064.html
- http://www.openwall.com/lists/oss-security/2012/10/09/1
- http://www.openwall.com/lists/oss-security/2012/10/09/3
- http://www.openwall.com/lists/oss-security/2012/10/10/3
- http://www.securityfocus.com/bid/55837
Frequently Asked Questions
What is the severity of CVE-2012-4507?
CVE-2012-4507 is considered a moderate severity vulnerability due to its ability to reliably crash the Claws Mail application.
How does CVE-2012-4507 affect Claws Mail?
CVE-2012-4507 affects Claws Mail version 3.8.1, causing it to crash when processing a specific mail in the user mbox file.
How do I fix CVE-2012-4507?
To fix CVE-2012-4507, upgrade Claws Mail to a version that addresses this vulnerability.
What is the version of Claws Mail affected by CVE-2012-4507?
CVE-2012-4507 specifically affects Claws Mail version 3.8.1.
Can CVE-2012-4507 be exploited remotely?
CVE-2012-4507 requires the targeted email to be present in the user’s mbox file, making it not directly exploitable remotely.
- collector/redhat-bugzilla
- alias/CVE-2012-4507
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/claws-mail
- canonical/claws-mail
- version/claws-mail/3.8.1