4.3

CVE-2008-2711

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FetchmailFetchmail Version <= 6.3.8
FetchmailFetchmail Version4.5.1
FetchmailFetchmail Version4.5.2
FetchmailFetchmail Version4.5.3
FetchmailFetchmail Version4.5.4
FetchmailFetchmail Version4.5.5
FetchmailFetchmail Version4.5.6
FetchmailFetchmail Version4.5.7
FetchmailFetchmail Version4.5.8
FetchmailFetchmail Version4.6.0
FetchmailFetchmail Version4.6.1
FetchmailFetchmail Version4.6.2
FetchmailFetchmail Version4.6.3
FetchmailFetchmail Version4.6.4
FetchmailFetchmail Version4.6.5
FetchmailFetchmail Version4.6.6
FetchmailFetchmail Version4.6.7
FetchmailFetchmail Version4.6.8
FetchmailFetchmail Version4.6.9
FetchmailFetchmail Version4.7.0
FetchmailFetchmail Version4.7.1
FetchmailFetchmail Version4.7.2
FetchmailFetchmail Version4.7.3
FetchmailFetchmail Version4.7.4
FetchmailFetchmail Version4.7.5
FetchmailFetchmail Version4.7.6
FetchmailFetchmail Version4.7.7
FetchmailFetchmail Version5.0.0
FetchmailFetchmail Version5.0.1
FetchmailFetchmail Version5.0.2
FetchmailFetchmail Version5.0.3
FetchmailFetchmail Version5.0.4
FetchmailFetchmail Version5.0.5
FetchmailFetchmail Version5.0.6
FetchmailFetchmail Version5.0.7
FetchmailFetchmail Version5.0.8
FetchmailFetchmail Version5.1.0
FetchmailFetchmail Version5.1.4
FetchmailFetchmail Version5.2.0
FetchmailFetchmail Version5.2.1
FetchmailFetchmail Version5.2.3
FetchmailFetchmail Version5.2.4
FetchmailFetchmail Version5.2.7
FetchmailFetchmail Version5.2.8
FetchmailFetchmail Version5.3.0
FetchmailFetchmail Version5.3.1
FetchmailFetchmail Version5.3.3
FetchmailFetchmail Version5.3.8
FetchmailFetchmail Version5.4.0
FetchmailFetchmail Version5.4.3
FetchmailFetchmail Version5.4.4
FetchmailFetchmail Version5.4.5
FetchmailFetchmail Version5.5.0
FetchmailFetchmail Version5.5.2
FetchmailFetchmail Version5.5.3
FetchmailFetchmail Version5.5.5
FetchmailFetchmail Version5.5.6
FetchmailFetchmail Version5.6.0
FetchmailFetchmail Version5.7.0
FetchmailFetchmail Version5.7.2
FetchmailFetchmail Version5.7.4
FetchmailFetchmail Version5.8
FetchmailFetchmail Version5.8.1
FetchmailFetchmail Version5.8.2
FetchmailFetchmail Version5.8.3
FetchmailFetchmail Version5.8.4
FetchmailFetchmail Version5.8.5
FetchmailFetchmail Version5.8.6
FetchmailFetchmail Version5.8.11
FetchmailFetchmail Version5.8.13
FetchmailFetchmail Version5.8.14
FetchmailFetchmail Version5.8.17
FetchmailFetchmail Version5.9.0
FetchmailFetchmail Version5.9.4
FetchmailFetchmail Version5.9.5
FetchmailFetchmail Version5.9.8
FetchmailFetchmail Version5.9.10
FetchmailFetchmail Version5.9.11
FetchmailFetchmail Version5.9.13
FetchmailFetchmail Version6.0.0
FetchmailFetchmail Version6.1.0
FetchmailFetchmail Version6.1.3
FetchmailFetchmail Version6.2.0
FetchmailFetchmail Version6.2.1
FetchmailFetchmail Version6.2.2
FetchmailFetchmail Version6.2.3
FetchmailFetchmail Version6.2.4
FetchmailFetchmail Version6.2.5
FetchmailFetchmail Version6.2.5.1
FetchmailFetchmail Version6.2.5.2
FetchmailFetchmail Version6.2.5.4
FetchmailFetchmail Version6.2.6 Updatepre4
FetchmailFetchmail Version6.2.6 Updatepre8
FetchmailFetchmail Version6.2.6 Updatepre9
FetchmailFetchmail Version6.2.9 Updaterc10
FetchmailFetchmail Version6.2.9 Updaterc3
FetchmailFetchmail Version6.2.9 Updaterc4
FetchmailFetchmail Version6.2.9 Updaterc5
FetchmailFetchmail Version6.2.9 Updaterc7
FetchmailFetchmail Version6.2.9 Updaterc8
FetchmailFetchmail Version6.2.9 Updaterc9
FetchmailFetchmail Version6.3.0
FetchmailFetchmail Version6.3.1
FetchmailFetchmail Version6.3.2
FetchmailFetchmail Version6.3.3
FetchmailFetchmail Version6.3.4
FetchmailFetchmail Version6.3.5
FetchmailFetchmail Version6.3.6
FetchmailFetchmail Version6.3.6 Updaterc1
FetchmailFetchmail Version6.3.6 Updaterc2
FetchmailFetchmail Version6.3.6 Updaterc3
FetchmailFetchmail Version6.3.6 Updaterc4
FetchmailFetchmail Version6.3.6 Updaterc5
FetchmailFetchmail Version6.3.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3% 0.856
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
Vendor Advisory
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2009/0422
http://secunia.com/advisories/30742
Vendor Advisory
http://secunia.com/advisories/30895
Vendor Advisory
http://secunia.com/advisories/31262
Vendor Advisory
http://secunia.com/advisories/31287
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235
http://www.fetchmail.info/fetchmail-SA-2008-01.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2008:117
http://www.openwall.com/lists/oss-security/2008/06/13/1
http://www.openwall.com/lists/oss-security/2021/08/09/1
http://www.securityfocus.com/archive/1/493391/100/0/threaded
http://www.securityfocus.com/archive/1/494865/100/0/threaded
http://www.securityfocus.com/bid/29705
http://www.securitytracker.com/id?1020298
http://www.vupen.com/english/advisories/2008/1860/references
https://bugzilla.novell.com/show_bug.cgi?id=354291
https://exchange.xforce.ibmcloud.com/vulnerabilities/43121
https://issues.rpath.com/browse/RPL-2623
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10950
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html