Lucene search

K

MitreCVELIST:CVE-2021-36386

HistoryJul 29, 2021 - 1:59 p.m.

CVE-2021-36386

2021-07-2913:59:24

mitre

www.cve.org

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

References

www.openwall.com/lists/oss-security/2021/07/28/5

www.openwall.com/lists/oss-security/2021/08/09/1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGYO5AHSXTCKA4NQC2Z4H3XMMYNAGC77/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIXKO6QW3AUHGJVWKJXBCOVBYJUJRBFC/

security.gentoo.org/glsa/202209-14

www.fetchmail.info/fetchmail-SA-2021-01.txt

www.fetchmail.info/security.html

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

Related for CVELIST:CVE-2021-36386

fedora2 nessus20 veracode1 osv3 openvas13 nvd1 mageia1 suse4 prion1 ubuntucve1 cbl_mariner1 cve1 debiancve1 alpinelinux1 almalinux1 oraclelinux1 redhatcve1 freebsd1 redhat1 rocky1 gentoo1