CVE-2024-21742
Publication date 27 February 2024
Last updated 4 August 2025
Ubuntu priority
Description
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| apache-mime4j | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References
Other references
- https://www.openwall.com/lists/oss-security/2024/02/27/5
- https://github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1 (apache-mime4j-project-0.8.10)
- https://github.com/apache/james-mime4j/pull/91
- https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy
- https://www.cve.org/CVERecord?id=CVE-2024-21742