Lucene search

K
freebsdFreeBSDCBFD1874-EFEA-11EB-8FE9-036BD763FF35
HistoryJul 07, 2021 - 12:00 a.m.

fetchmail -- 6.4.19 and older denial of service or information disclosure

2021-07-0700:00:00
vuxml.freebsd.org
21

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.113

Percentile

95.2%

Matthias Andree reports:

When a log message exceeds c. 2 kByte in size, for instance, with very long
header contents, and depending on verbosity option, fetchmail can crash or
misreport each first log message that requires a buffer reallocation.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfetchmail< 6.3.9UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.113

Percentile

95.2%