CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile: 94.8%
Matthias Andree reports:
In verbose mode, fetchmail prints X.509 certificate subject and
issuer information to the user, and counts and allocates a malloc()
buffer for that purpose.
If the material to be displayed contains characters with high bit
set and the platform treats the “char” type as signed, this can cause
a heap buffer overrun because non-printing characters are escaped as
\xFF…FFnn, where nn is 80…FF in hex.
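
The sign-extension effect described in the report, shown as an added example (not fetchmail's code and not part of the advisory): it measures how wide a `\x` escape becomes when a high-bit byte passes through a signed char, next to an escaper that converts through `unsigned char`. The function names, the 4-bytes-per-escape budget and the sample subject string are assumptions made for illustration; a 32-bit `int` is assumed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Width of one byte escaped as "\\x%02X". as_signed=1 models a signed plain
 * char: the byte is sign-extended to int first (assumes 32-bit int). */
static size_t escaped_width(unsigned char byte, int as_signed)
{
    unsigned int v = as_signed ? (unsigned int)(signed char)byte : byte;
    return (size_t)snprintf(NULL, 0, "\\x%02X", v);
}

static size_t escaped_total(const char *in, size_t len, int as_signed)
{
    size_t total = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        total += (isprint(c) && c != '\\') ? 1 : escaped_width(c, as_signed);
    }
    return total;
}

/* Hardened escaper (hypothetical helper): converts through unsigned char and
 * budgets 4 bytes ("\xNN") per input byte plus NUL. Caller frees the result. */
static char *escape_nonprintable(const char *in, size_t len)
{
    if (len > ((size_t)-1 - 1) / 4) return NULL;   /* size overflow guard */
    char *out = malloc(len * 4 + 1), *p = out;
    if (!out) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (isprint(c) && c != '\\') *p++ = (char)c;
        else p += snprintf(p, 5, "\\x%02X", (unsigned int)c);
    }
    *p = '\0';
    return out;
}

int main(void)
{
    const char *subject = "CN=M\xC3\xBCller";   /* constructed sample, UTF-8 */
    size_t n = strlen(subject);
    char *safe = escape_nonprintable(subject, n);
    printf("unsigned %zu, sign-extended %zu, hardened %s\n", escaped_total(subject, n, 0),
           escaped_total(subject, n, 1), safe ? safe : "(alloc failed)");
    free(safe);
    return 0;
}
```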