Lucene search

K

MitreCVELIST:CVE-2021-36386

HistoryJul 29, 2021 - 1:59 p.m.

CVE-2021-36386

2021-07-2913:59:24

mitre

www.cve.org

5

fetchmail report_vbuild

denial of service

mail servers

AI Score

8.2

Confidence

High

EPSS

0.005

Percentile

76.8%

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

References

www.openwall.com/lists/oss-security/2021/07/28/5

www.openwall.com/lists/oss-security/2021/08/09/1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGYO5AHSXTCKA4NQC2Z4H3XMMYNAGC77/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIXKO6QW3AUHGJVWKJXBCOVBYJUJRBFC/

security.gentoo.org/glsa/202209-14

www.fetchmail.info/fetchmail-SA-2021-01.txt

www.fetchmail.info/security.html

AI Score

8.2

Confidence

High

EPSS

0.005

Percentile

76.8%

Related for CVELIST:CVE-2021-36386

suse4 openvas14 nessus21 fedora2 prion1 mageia1 veracode1 osv4 nvd1 cbl_mariner1 alpinelinux1 ubuntucve1 redos1 debiancve1 cve1 almalinux1 redhatcve1 oraclelinux1 freebsd1 gentoo1 rocky1 redhat1