7.8

CVE-2006-5974

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FetchmailFetchmail Version6.3.5
FetchmailFetchmail Version6.3.6 Updaterc1
FetchmailFetchmail Version6.3.6 Updaterc2
FetchmailFetchmail Version6.3.6 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.79% 0.886
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://fedoranews.org/cms/node/2429
http://secunia.com/advisories/23631
Vendor Advisory
http://secunia.com/advisories/23804
Vendor Advisory
http://secunia.com/advisories/23838
Vendor Advisory
http://secunia.com/advisories/23923
Vendor Advisory
http://secunia.com/advisories/24151
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-13.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html
http://www.trustix.org/errata/2007/0007
http://www.vupen.com/english/advisories/2007/0087
http://www.vupen.com/english/advisories/2007/0088
http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
http://osvdb.org/31836
http://securitytracker.com/id?1017479
http://www.securityfocus.com/archive/1/456114/100/0/threaded
http://www.securityfocus.com/bid/21902
Patch