Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD2A6A966F-1774-11DF-B5C1-0026189BACA3
HistoryFeb 04, 2010 - 12:00 a.m.

fetchmail -- heap overflow on verbose X.509 display

2010-02-0400:00:00
vuxml.freebsd.org
15

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.094

Percentile

94.8%

JSON

Matthias Andree reports:

In verbose mode, fetchmail prints X.509 certificate subject and
issuer information to the user, and counts and allocates a malloc()
buffer for that purpose.
If the material to be displayed contains characters with high bit
set and the platform treats the “char” type as signed, this can cause
a heap buffer overrun because non-printing characters are escaped as
\xFF…FFnn, where nn is 80…FF in hex.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfetchmail= 6.3.11UNKNOWN
FreeBSDanynoarchfetchmail< 6.3.14UNKNOWN

Related

altlinux 2
openvas 8
securityvulns 2
cvelist 1
ubuntucve 1
debiancve 1
cve 1
nessus 5
fedora 1
nvd 1
prion 1
gentoo 1
altlinux
altlinux
Security fix for the ALT Linux 6 package fetchmail version 6.3.14-alt1
2010-03-27 00:00:00
Security fix for the ALT Linux 5 package fetchmail version 6.3.14-alt1
2010-03-27 00:00:00
openvas
openvas
FreeBSD Ports: fetchmail
2010-02-18 00:00:00
Fedora Update for fetchmail FEDORA-2010-3800
2010-03-12 00:00:00
Mandriva Update for fetchmail MDVSA-2010:037 (fetchmail)
2010-02-19 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:037 ] fetchmail
2010-02-16 00:00:00
fetchmail buffer overflow
2010-02-16 00:00:00
cvelist
cvelist
CVE-2010-0562
2010-02-08 21:00:00
ubuntucve
ubuntucve
CVE-2010-0562
2010-02-08 00:00:00
debiancve
debiancve
CVE-2010-0562
2010-02-08 21:30:00
cve
cve
CVE-2010-0562
2010-02-08 21:30:00
nessus
nessus
Mandriva Linux Security Advisory : fetchmail (MDVSA-2010:037)
2010-07-30 00:00:00
openSUSE Security Update : fetchmail (fetchmail-1996)
2010-02-19 00:00:00
FreeBSD : fetchmail -- heap overflow on verbose X.509 display (2a6a966f-1774-11df-b5c1-0026189baca3)
2010-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: fetchmail-6.3.11-4.fc12
2010-03-06 03:52:56
nvd
nvd
CVE-2010-0562
2010-02-08 21:30:00
prion
prion
Heap overflow
2010-02-08 21:30:00
gentoo
gentoo
Fetchmail: Multiple vulnerabilities
2010-06-01 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.094

Percentile

94.8%

JSON
Related for 2A6A966F-1774-11DF-B5C1-0026189BACA3
altlinux2openvas8securityvulns2cvelist1ubuntucve1debiancve1cve1nessus5fedora1nvd1prion1gentoo1