CVE-2002-1175 — Improper Input Validation in Fetchmail

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 19.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fetchmail Debian Fetchmail

Timeline

PublishedOct 11

Latest updateApr 30

Description

The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/fetchmail< fetchmail 6.1.0-1 (bookworm)

▶Debianfetchmail/fetchmail< 6.1.0-1+2

▶NVDfetchmail/fetchmail6.0.0+78

Patches

Patch: www.linux-mandrake.com ↗Patch: www.linux-mandrake.com ↗

🔴Vulnerability Details

GHSA

GHSA-33hc-jm79-92r9: The getmxrecord function in Fetchmail 6↗2022-04-30

▶

OSV

CVE-2002-1175: The getmxrecord function in Fetchmail 6↗2002-10-11

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-09-29

▶

Debian

CVE-2002-1175: fetchmail - The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check ...↗2002

▶

💬Community

Bugzilla

CVE-2002-1175 security flaw↗2018-08-16

▶