CVE-2006-4434

CWE-416 — Use After Free7 documents7 sources

Severity

7.5HIGH

EPSS

7.0%

top 8.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sendmail Sendmail

Timeline

PublishedAug 29

Latest updateMay 1

Description

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads direct…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsendmail/sendmail< 8.13.8

▶Debiansendmail< 8.13.8-1+3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-535c-fwmj-7hhw: Use-after-free vulnerability in Sendmail before 8↗2022-05-01

▶

OSV

CVE-2006-4434: Use-after-free vulnerability in Sendmail before 8↗2006-08-29

▶

CVEList

CVE-2006-4434: Use-after-free vulnerability in Sendmail before 8↗2006-08-29

▶

VulnCheck

sendmail sendmail Use After Free↗2006

▶

📋Vendor Advisories

Debian

CVE-2006-4434: sendmail - Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers t...↗2006

▶

Red Hat

CVE-2006-4434: Use-after-free vulnerability in Sendmail before 8↗

▶