Search for vulnerabilities
Vulnerability details: VCID-3zyz-hwxj-aaad
Vulnerability ID VCID-3zyz-hwxj-aaad
Aliases CVE-2006-1173
Summary Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2006:0515
epss 0.14933 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.14933 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.14933 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.219 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
epss 0.34944 https://api.first.org/data/v1/epss?cve=CVE-2006-1173
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1618028
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2006-1173
Reference id Reference type URL
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1173.json
https://api.first.org/data/v1/epss?cve=CVE-2006-1173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
http://secunia.com/advisories/15779
http://secunia.com/advisories/20473
http://secunia.com/advisories/20641
http://secunia.com/advisories/20650
http://secunia.com/advisories/20651
http://secunia.com/advisories/20654
http://secunia.com/advisories/20673
http://secunia.com/advisories/20675
http://secunia.com/advisories/20679
http://secunia.com/advisories/20683
http://secunia.com/advisories/20684
http://secunia.com/advisories/20694
http://secunia.com/advisories/20726
http://secunia.com/advisories/20782
http://secunia.com/advisories/21042
http://secunia.com/advisories/21160
http://secunia.com/advisories/21327
http://secunia.com/advisories/21612
http://secunia.com/advisories/21647
http://securitytracker.com/id?1016295
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128
https://issues.rpath.com/browse/RPL-526
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
http://www.debian.org/security/2006/dsa-1155
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html
http://www.f-secure.com/security/fsc-2006-5.shtml
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml
http://www.kb.cert.org/vuls/id/146718
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
http://www.openbsd.org/errata38.html#sendmail2
http://www.osvdb.org/26197
http://www.redhat.com/support/errata/RHSA-2006-0515.html
http://www.securityfocus.com/archive/1/437928/100/0/threaded
http://www.securityfocus.com/archive/1/438241/100/0/threaded
http://www.securityfocus.com/archive/1/438330/100/0/threaded
http://www.securityfocus.com/archive/1/440744/100/0/threaded
http://www.securityfocus.com/archive/1/442939/100/0/threaded
http://www.securityfocus.com/bid/18433
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2351
http://www.vupen.com/english/advisories/2006/2388
http://www.vupen.com/english/advisories/2006/2389
http://www.vupen.com/english/advisories/2006/2390
http://www.vupen.com/english/advisories/2006/2798
http://www.vupen.com/english/advisories/2006/3135
1618028 https://bugzilla.redhat.com/show_bug.cgi?id=1618028
373801 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373801
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.1.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
CVE-2006-1173 https://nvd.nist.gov/vuln/detail/CVE-2006-1173
GLSA-200606-19 https://security.gentoo.org/glsa/200606-19
RHSA-2006:0515 https://access.redhat.com/errata/RHSA-2006:0515
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-1173
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95788
EPSS Score 0.14933
Published At Dec. 19, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.