https://bugzilla.redhat.com/show_bug.cgi?id=1835353
Bug ID: 1835353 Summary: rubygem-mail: Out of memory issue through nested MIME parts Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: psampaio@redhat.com CC: akarol@redhat.com, alexl@redhat.com, bbuckingham@redhat.com, bcourt@redhat.com, bkearney@redhat.com, btotty@redhat.com, caillon+fedoraproject@gmail.com, caolanm@redhat.com, dmetzger@redhat.com, gmccullo@redhat.com, gnome-sig@lists.fedoraproject.org, gtanzill@redhat.com, hhudgeon@redhat.com, jfrey@redhat.com, jhardy@redhat.com, john.j5live@gmail.com, jose.p.oliveira.oss@gmail.com, lzap@redhat.com, mclasen@redhat.com, mmccune@redhat.com, nmoumoul@redhat.com, obarenbo@redhat.com, paul@city-fan.org, perl-devel@lists.fedoraproject.org, rchan@redhat.com, rhughes@redhat.com, rjerrido@redhat.com, rob.myers@gtri.gatech.edu, roliveri@redhat.com, rstrode@redhat.com, sandmann@redhat.com, simaishi@redhat.com, smallamp@redhat.com, sokeeffe@redhat.com, tbrisker@redhat.com, tcallawa@redhat.com, vondruch@redhat.com, walter.pete@yandex.com, xavier@bachelot.org Target Milestone: --- Classification: Other
A possible DoS issue may affect several MIME parsers. Messages with too many tiny nested MIME parts can lead to memory exhaustion on split().
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960064 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960062 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960159 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960158