Published: 16/06/2008 Updated: 09/08/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

fetchmail 6.3.8 and previous versions, when running in -v -v (aka verbose) mode, allows remote malicious users to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fetchmail fetchmail 6.3.5
fetchmail fetchmail 6.3.3
fetchmail fetchmail 6.2.5.4
fetchmail fetchmail 6.2.6
fetchmail fetchmail 6.2.0
fetchmail fetchmail 6.1.0
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.8
fetchmail fetchmail 5.7.2
fetchmail fetchmail 5.5.0
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.0.7
fetchmail fetchmail 5.0.6
fetchmail fetchmail 4.7.7
fetchmail fetchmail 4.7.6
fetchmail fetchmail 4.6.8
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.5.8
fetchmail fetchmail 4.5.1
fetchmail fetchmail 5.9.0
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.8.17
fetchmail fetchmail 6.2.5.2
fetchmail fetchmail 6.3.2
fetchmail fetchmail 6.3.1
fetchmail fetchmail 6.2.9
fetchmail fetchmail 6.0.0
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.8.5
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.4.3
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.2.1
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.0.4
fetchmail fetchmail 4.7.5
fetchmail fetchmail 4.7.4
fetchmail fetchmail 4.6.6
fetchmail fetchmail 4.6.5
fetchmail fetchmail 4.5.7
fetchmail fetchmail 4.5.6
fetchmail fetchmail 6.3.6
fetchmail fetchmail 6.2.5.1
fetchmail fetchmail 6.3.4
fetchmail fetchmail 6.3.0
fetchmail fetchmail 6.2.5
fetchmail fetchmail 6.2.3
fetchmail fetchmail 5.9.11
fetchmail fetchmail 5.9.10
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.5.6
fetchmail fetchmail 5.5.5
fetchmail fetchmail 5.3.8
fetchmail fetchmail 5.3.3
fetchmail fetchmail 5.2.0
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.0.3
fetchmail fetchmail 5.0.2
fetchmail fetchmail 4.7.3
fetchmail fetchmail 4.7.2
fetchmail fetchmail 4.6.4
fetchmail fetchmail 4.6.3
fetchmail fetchmail 4.5.5
fetchmail fetchmail 4.5.4
fetchmail fetchmail 6.2.4
fetchmail fetchmail 5.4.0
fetchmail fetchmail
fetchmail fetchmail 6.3.7
fetchmail fetchmail 6.2.2
fetchmail fetchmail 6.2.1
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.5.2
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.1.0
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.0.0
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.1
fetchmail fetchmail 4.5.3
fetchmail fetchmail 4.5.2
fetchmail fetchmail 6.1.3
fetchmail fetchmail 5.8.6

oss-sec mailing list archives   By Date By Thread </form>    fetchmail 6421 released/regression fix for 6420's security fix, and UPDATE: fetchmail <= 6419 security announcement 20 ...

补丁管理报告补丁管理摘要网络范围 19216811-1921681255 补丁安装状态数量高危重要中等一般低已安装补丁 0 0 0 0 0 0 未安装补丁 140 32 47 14 3 44 小计 140 32 47 15 3 44 高危等级补丁 CESA-2011:0436_ CESA-2011:0844_ CESA-2011:0999_ 重要等级补丁 CESA-2011:0436_ CESA-2011:0844_ CESA-2011:0999

CWE-20 http://www.openwall.com/lists/oss-security/2008/06/13/1 https://bugzilla.novell.com/show_bug.cgi?id=354291 http://secunia.com/advisories/31287 https://issues.rpath.com/browse/RPL-2623 http://www.securityfocus.com/bid/29705 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235 http://www.securitytracker.com/id?1020298 http://secunia.com/advisories/31262 http://www.fetchmail.info/fetchmail-SA-2008-01.txt http://secunia.com/advisories/30742 http://www.mandriva.com/security/advisories?name=MDVSA-2008:117 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html http://secunia.com/advisories/30895 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.vupen.com/english/advisories/2009/0422 http://www.vupen.com/english/advisories/2008/1860/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10950 http://www.securityfocus.com/archive/1/494865/100/0/threaded http://www.securityfocus.com/archive/1/493391/100/0/threaded http://www.openwall.com/lists/oss-security/2021/08/09/1 https://nvd.nist.gov https://github.com/jackytemp/patch-mangement-report http://seclists.org/oss-sec/2021/q3/83

CVE-2008-2711

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect