CVE-2008-3962

2008-09-1101:13:47

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS

0.006

Percentile

79.0%

JSON

The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.

OSVersionArchitecturePackageVersionFilename
Debian12allssmtp< 2.62-1.1ssmtp_2.62-1.1_all.deb
Debian11allssmtp< 2.62-1.1ssmtp_2.62-1.1_all.deb
Debian999allssmtp< 2.62-1.1ssmtp_2.62-1.1_all.deb
Debian13allssmtp< 2.62-1.1ssmtp_2.62-1.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ssmtp	< 2.62-1.1	ssmtp_2.62-1.1_all.deb
Debian	11	all	ssmtp	< 2.62-1.1	ssmtp_2.62-1.1_all.deb
Debian	999	all	ssmtp	< 2.62-1.1	ssmtp_2.62-1.1_all.deb
Debian	13	all	ssmtp	< 2.62-1.1	ssmtp_2.62-1.1_all.deb