CVE-2006-0321 — Improper Input Validation in Fetchmail

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

14.3%

top 5.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fetchmail Debian Fetchmail

Timeline

PublishedJan 24

Latest updateMay 1

Description

fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/fetchmail< fetchmail 6.3.2-1 (bookworm)

▶Debianfetchmail/fetchmail< 6.3.2-1+2

▶NVDfetchmail/fetchmail6.3.0, 6.3.1+1

Patches

Patch: fetchmail.berlios.de ↗Patch: fetchmail.berlios.de ↗

🔴Vulnerability Details

GHSA

GHSA-pcgw-76h3-f9p8: fetchmail 6↗2022-05-01

▶

OSV

CVE-2006-0321: fetchmail 6↗2006-01-24

▶

📋Vendor Advisories

Debian

CVE-2006-0321: fetchmail - fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause...↗2006

▶

Red Hat

CVE-2006-0321: fetchmail 6↗

▶

💬Community

Bugzilla

CVE-2006-0321 fetchmail denial of service (crash)↗2006-01-23

▶