CVE-2002-1174 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Fetchmail

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

7.5HIGHNVD

EPSS

4.3%

top 11.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fetchmail Debian Fetchmail

Timeline

PublishedOct 11

Latest updateApr 30

Description

Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/fetchmail< fetchmail 6.1.0-1 (bookworm)

▶Debianfetchmail/fetchmail< 6.1.0-1+2

▶NVDfetchmail/fetchmail6.0.0+78

Patches

Patch: www.debian.org ↗Patch: www.linux-mandrake.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-vqhj-2h3q-6ghm: Buffer overflows in Fetchmail 6↗2022-04-30

▶

OSV

CVE-2002-1174: Buffer overflows in Fetchmail 6↗2002-10-11

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-09-29

▶

Debian

CVE-2002-1174: fetchmail - Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause ...↗2002

▶

💬Community

Bugzilla

CVE-2002-1174 security flaw↗2018-08-16

▶