CVE-2024-21742

Published: 27 February 2024

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

Priority

Status

Package	Release	Status
apache-mime4j Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	jammy	Needs triage
	mantic	Ignored (end of life, was needs-triage)
	noble	Needs triage
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	xenial	Needs triage

References

https://www.openwall.com/lists/oss-security/2024/02/27/5
https://github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1 (apache-mime4j-project-0.8.10)
https://github.com/apache/james-mime4j/pull/91
https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy
https://www.cve.org/CVERecord?id=CVE-2024-21742
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.