5

CVE-2006-0321

fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FetchmailFetchmail Version6.3.0
FetchmailFetchmail Version6.3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.5% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://secunia.com/advisories/21253
Vendor Advisory
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/3101
http://secunia.com/advisories/18895
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747
http://developer.berlios.de/project/shownotes.php?release_id=8784
http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt
Patch
Vendor Advisory
http://secunia.com/advisories/18571
Vendor Advisory
http://securitytracker.com/id?1015527
http://www.osvdb.org/22691
http://www.securityfocus.com/archive/1/422936/100/0/threaded
http://www.securityfocus.com/bid/16365
http://www.vupen.com/english/advisories/2006/0300
https://exchange.xforce.ibmcloud.com/vulnerabilities/24265