History: Feb 08, 2010 - 9:30 p.m.

CVE-2010-0562

2010-02-08 21:30:00
CWE-119
mitre
web.nvd.nist.gov
38
cve-2010-0562
fetchmail
sdump function
heap-based buffer overflow
application crash
denial of service
remote code execution
ssl x.509 certificate.

CVSS2: 6.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 8.3
Confidence: High

EPSS: 0.094
Percentile: 94.8%

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
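
The sizing error behind this class of bug can be measured without overflowing anything. The following is an added example, not code from fetchmail or from this record. It assumes the escaper writes each non-printable byte as `\x` plus two hex digits and budgets four output bytes per input byte, and that `int` is 32 bits. `SAMPLE`, `escape_budget` and `escaped_len` are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: "CN=" followed by five bytes with the high bit set. */
static const unsigned char SAMPLE[] = { 'C', 'N', '=', 0xC3, 0xA9, 0xC3, 0xA9, 0xFF };

/* Assumed budget: four output bytes ("\xNN") per input byte. */
size_t escape_budget(size_t len) { return 4 * len; }

/* Output bytes actually produced when escaping in[0..len).
 * sign_extend=1 models a platform where char is signed and the byte is
 * promoted to int before being formatted with %02x. */
size_t escaped_len(const unsigned char *in, size_t len, int sign_extend)
{
    char tmp[16];               /* large enough for "\xffffffff" plus NUL */
    size_t total = 0;

    for (size_t i = 0; i < len; i++) {
        if (in[i] < 0x80 && isprint(in[i])) {
            total += 1;         /* printable ASCII is copied unchanged */
            continue;
        }
        int v = in[i];
        if (sign_extend && v >= 0x80)
            v -= 256;           /* value a signed char would hold */
        /* The fix is the cast: format the byte as unsigned char. */
        unsigned int arg = sign_extend ? (unsigned int)v : (unsigned int)in[i];
        int n = snprintf(tmp, sizeof tmp, "\\x%02x", arg);
        if (n > 0)
            total += (size_t)n;
    }
    return total;
}

int main(void)
{
    size_t len = sizeof SAMPLE;
    printf("budget=%zu signed=%zu unsigned=%zu\n", escape_budget(len),
           escaped_len(SAMPLE, len, 1), escaped_len(SAMPLE, len, 0));
    return 0;
}
```

With the sign-extended value, each high-bit byte expands to ten characters instead of four, so the output outgrows a four-bytes-per-input allocation. Formatting the byte as `unsigned char` keeps it within that budget.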

Affected configurations

Nvd
Node
fetchmail fetchmail Match 6.3.11
OR
fetchmail fetchmail Match 6.3.12
OR
fetchmail fetchmail Match 6.3.13

Vendor     Product    Version  CPE
fetchmail  fetchmail  6.3.11   cpe:2.3:a:fetchmail:fetchmail:6.3.11:*:*:*:*:*:*:*
fetchmail  fetchmail  6.3.12   cpe:2.3:a:fetchmail:fetchmail:6.3.12:*:*:*:*:*:*:*
fetchmail  fetchmail  6.3.13   cpe:2.3:a:fetchmail:fetchmail:6.3.13:*:*:*:*:*:*:*
