4.3
CVE-2008-2711
- EPSS 3%
- Veröffentlicht 16.06.2008 21:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:16
- CVE-Watchlists
- Unerledigt
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3% | 0.856 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2009/0422
http://secunia.com/advisories/30742
http://secunia.com/advisories/30895
http://secunia.com/advisories/31262
http://secunia.com/advisories/31287
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.495740
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0235
http://www.fetchmail.info/fetchmail-SA-2008-01.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2008:117
http://www.openwall.com/lists/oss-security/2008/06/13/1
http://www.openwall.com/lists/oss-security/2021/08/09/1
http://www.securityfocus.com/archive/1/493391/100/0/threaded
http://www.securityfocus.com/archive/1/494865/100/0/threaded
http://www.securityfocus.com/bid/29705
http://www.securitytracker.com/id?1020298
http://www.vupen.com/english/advisories/2008/1860/references
https://bugzilla.novell.com/show_bug.cgi?id=354291
https://exchange.xforce.ibmcloud.com/vulnerabilities/43121
https://issues.rpath.com/browse/RPL-2623
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10950
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01091.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01095.html