newsfetch -- server response buffer overflow vulnerability

ID 76E0B133-6BFD-11D9-A5DF-00065BE4B5B6
Type freebsd
Reporter FreeBSD
Modified 2005-01-18T00:00:00


The newsfetch program uses the sscanf function to read information from server responses into static memory buffers. Unfortunately, this is done without any proper bounds checking. As a result, long server responses may cause an overflow when a newsgroup listing is requested from an NNTP server.
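
The following added example is not newsfetch's code. It shows the unbounded sscanf pattern described above next to a bounded parse of one newsgroup listing line that rejects over-long input. The buffer size, struct and function name are assumptions, and the line layout "group last first flag" is the standard NNTP LIST response format.

```c
#include <stdio.h>
#include <string.h>

#define GROUP_MAX 64            /* assumed size, not taken from newsfetch */

struct group_info {             /* hypothetical record for one LIST line */
    char group[GROUP_MAX];
    long last, first;
    char flag;
};

/* Unbounded pattern of the kind the advisory describes (shown only as a comment):
 *     sscanf(line, "%s %ld %ld %c", group, &last, &first, &flag);
 * "%s" copies until whitespace, so a long group name sent by the server
 * is written past the end of group[]. */

/* Bounded parse of "group last first flag".
 * Returns 0 on success, -1 on malformed or over-long input. */
int parse_list_line(const char *line, struct group_info *out)
{
    int consumed = 0;

    /* %63s stores at most 63 bytes plus the NUL; keep it at GROUP_MAX - 1. */
    if (sscanf(line, "%63s%n", out->group, &consumed) != 1)
        return -1;
    /* A truncated name leaves a non-blank byte next: reject the line
     * instead of parsing the rest of the name as the numeric fields. */
    if (line[consumed] != ' ' && line[consumed] != '\t')
        return -1;
    if (sscanf(line + consumed, "%ld %ld %c",
               &out->last, &out->first, &out->flag) != 3)
        return -1;
    return 0;
}

int main(void)
{
    struct group_info g;
    char big[600];                               /* constructed over-long response */

    memset(big, 'A', 500);
    strcpy(big + 500, " 10 1 y");
    printf("normal:    %d\n", parse_list_line("comp.lang.c 12345 12000 y", &g));
    printf("over-long: %d\n", parse_list_line(big, &g));
    return 0;
}
```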