Skip to main content

Ytnef CVE-2017-12144

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2017-08-02 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 02, 2017 - 05:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

AnalysisAI

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Affected products include: Ytnef Project Ytnef.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.

More in Ytnef

View all
CVE-2017-9146 HIGH POC
8.8 May 22

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before

CVE-2021-3404 HIGH POC
7.8 Mar 04

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potential

CVE-2021-3403 HIGH POC
7.8 Mar 04

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and

CVE-2017-6800 HIGH POC
7.5 Mar 10

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl

CVE-2017-9058 CRITICAL
9.8 May 18

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZ

CVE-2017-9473 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory co

CVE-2017-9471 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based bu

CVE-2017-9470 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer

CVE-2017-9474 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-bas

CVE-2017-9472 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based b

CVE-2017-6306 HIGH
7.8 Feb 24

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication r

CVE-2017-6304 HIGH
7.8 Feb 24

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication r

Share

CVE-2017-12144 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy