High severity7.5NVD Advisory· Published May 2, 2024· Updated Jun 17, 2026
CVE-2024-4140
CVE-2024-4140
Description
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <1.954
- rjbs/Email-MIMEv5Range: 0
Patches
Vulnerability mechanics
References
12- github.com/rjbs/Email-MIME/commit/02bf3e26812c8f38a86a33c168571f9783365df2nvdPatch
- github.com/rjbs/Email-MIME/commit/3a12edd119e493156a5a05e45dd50f4e36b702e8nvdPatch
- github.com/rjbs/Email-MIME/commit/3dcf096eeccb8e4dd42738de676c8f4a5aa7a531nvdPatch
- github.com/rjbs/Email-MIME/commit/7e96ecfa1da44914a407f82ae98ba817bba08f2dnvdPatch
- github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1nvdPatch
- github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63nvdPatch
- www.cve.org/CVERecordnvdThird Party Advisory
- bugs.debian.org/960062nvdMailing List
- github.com/rjbs/Email-MIME/issues/66nvdIssue Tracking
- github.com/rjbs/Email-MIME/pull/80nvdIssue Tracking
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/nvdMailing List
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHXHDLPZ6JV4KK3Q43O6TE3WOBAIUQRC/nvdMailing List
News mentions
0No linked articles in our index yet.