Lucene search

K

GoogleOSV:CVE-2021-36386

HistoryJul 30, 2021 - 2:15 p.m.

CVE-2021-36386

2021-07-3014:15:18

Google

osv.dev

6

fetchmail

report_vbuild

vulnerability

denial of service

mail servers

error messages

impact

AI Score

7.4

Confidence

High

EPSS

0.005

Percentile

76.8%

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

References

www.openwall.com/lists/oss-security/2021/07/28/5

www.openwall.com/lists/oss-security/2021/08/09/1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGYO5AHSXTCKA4NQC2Z4H3XMMYNAGC77/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIXKO6QW3AUHGJVWKJXBCOVBYJUJRBFC/

security.gentoo.org/glsa/202209-14

www.fetchmail.info/fetchmail-SA-2021-01.txt

www.fetchmail.info/security.html

AI Score

7.4

Confidence

High

EPSS

0.005

Percentile

76.8%

Related for OSV:CVE-2021-36386

openvas14 suse4 cvelist1 prion1 fedora2 nessus21 mageia1 veracode1 osv3 nvd1 cbl_mariner1 alpinelinux1 ubuntucve1 redos1 debiancve1 cve1 almalinux1 redhatcve1 oraclelinux1 freebsd1 gentoo1 rocky1 redhat1