CVE-2003-0792 — Fetchmail vulnerability

CWE-3996 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 19.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fetchmail Debian Fetchmail

Timeline

PublishedNov 17

Latest updateMay 3

Description

Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/fetchmail< fetchmail 6.2.5 (bookworm)

▶Debianfetchmail/fetchmail< 6.2.5+2

▶NVDfetchmail/fetchmail6.2.4+85

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-rrh8-qpfq-g4g6: Fetchmail 6↗2022-05-03

▶

OSV

CVE-2003-0792: Fetchmail 6↗2003-11-17

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-10-16

▶

Debian

CVE-2003-0792: fetchmail - Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, wh...↗2003

▶

💬Community

Bugzilla

CVE-2003-0792 security flaw↗2018-08-16

▶