An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial     of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth     and the total number of parts. (CVE-2024-4140)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-032e16360b advisory.

    This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140),     which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS     configuration, which limits how many parts will be considered for parsing, defaulting to 100.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-38fb541a75 advisory.

    This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140),     which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS     configuration, which limits how many parts will be considered for parsing, defaulting to 100.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
228458	Linux Distros Unpatched Vulnerability : CVE-2024-4140	Nessus	Misc.	high
197911	Fedora 40 : perl-Email-MIME (2024-032e16360b)	Nessus	Fedora Local Security Checks	high
197910	Fedora 39 : perl-Email-MIME (2024-38fb541a75)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2024-4140

high

Tenable Plugins

high

high

high