CVE-2010-0562: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in Fetchmail

Severity: 6.8 MEDIUM (NVD, CVSS v2)
EPSS: 1.8% (top 17.36%)
CISA KEV: not listed
Exploit: no known public exploits
Timeline: published Feb 8, 2010; latest update May 2, 2022

Description

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
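The description names the bug class exactly: an escaping routine that reads certificate bytes through plain `char`, so on a platform where `char` is signed every byte at or above 0x80 arrives as a negative int. The example below is added here to illustrate that class; it is not fetchmail's own sdump() and does not reproduce its source. The function names, the 4-byte-per-input-byte buffer sizing and the sample subject string are assumptions constructed for the illustration. It shows why the negative value both breaks the `isprint()` call and makes `"%02X"` emit an eight-digit, sign-extended hex number (ten bytes per input byte instead of four), and the hardened form that promotes through `unsigned char` and bounds-checks the output.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Output bytes reserved per input byte: the longest intended escape is "\xNN". */
#define ESCAPE_SLOT 4

/* Constructed sample input (not taken from any real certificate): a subject
 * holding the UTF-8 bytes for "é" (0xC3 0xA9) and a stray 0x80 byte, so three
 * non-printable bytes with the high bit set. */
static const char SAMPLE_SUBJECT[] = "CN=\xC3\xA9\x80";
#define SAMPLE_LEN (sizeof SAMPLE_SUBJECT - 1)

/* Vulnerable pattern, measured rather than executed so this file never
 * overflows anything. Reading the byte through a signed char yields a
 * negative int for bytes >= 0x80. Such a value is (a) outside the range the
 * ctype functions accept and (b) printed by "%02X" as its 32-bit sign-extended
 * pattern, e.g. "\xFFFFFF80": ten bytes where the buffer reserved four. The
 * signed char cast makes the behaviour identical on every platform, and the
 * unsigned conversion applies the sign extension in a well-defined way. */
size_t escape_len_signed_char(const char *in, size_t len)
{
    size_t total = 0;
    char scratch[16];

    for (size_t i = 0; i < len; i++) {
        int c = (signed char)in[i];
        if (c >= 0 && isprint(c) && c != '\\') {
            total += 1;
        } else {
            unsigned int sign_extended = (unsigned int)c; /* 0xFFFFFF80 for 0x80 */
            total += (size_t)snprintf(scratch, sizeof scratch, "\\x%02X", sign_extended);
        }
    }
    return total;
}

/* Hardened pattern: promote through unsigned char before any ctype call or
 * formatting, so every value is 0..255 and "%02X" emits exactly two digits.
 * The output is bounds-checked too, so a wrongly sized buffer fails closed
 * (returns (size_t)-1) instead of overflowing. Returns bytes written, not
 * counting the terminating NUL. */
size_t escape_unsigned(char *out, size_t outsz, const char *in, size_t len)
{
    size_t j = 0;

    if (outsz == 0) return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (isprint(c) && c != '\\') {
            if (j + 1 >= outsz) return (size_t)-1;
            out[j++] = (char)c;
        } else {
            if (j + ESCAPE_SLOT >= outsz) return (size_t)-1;
            j += (size_t)snprintf(out + j, outsz - j, "\\x%02X", (unsigned int)c);
        }
    }
    out[j] = '\0';
    return j;
}

/* A buffer sized on the assumption that no escape exceeds ESCAPE_SLOT bytes. */
static char g_out[SAMPLE_LEN * ESCAPE_SLOT + 1];

/* 1 if the signed-char escaper would write past g_out for the sample,
 * i.e. the heap overflow the advisory describes. */
int sample_overflows_with_signed_char(void)
{
    return escape_len_signed_char(SAMPLE_SUBJECT, SAMPLE_LEN) + 1 > sizeof g_out;
}

/* Escape the sample with the hardened routine; NULL if it did not fit. */
const char *escape_sample_unsigned(void)
{
    size_t n = escape_unsigned(g_out, sizeof g_out, SAMPLE_SUBJECT, SAMPLE_LEN);
    return n == (size_t)-1 ? NULL : g_out;
}

/* 1 if the hardened routine refuses an 8-byte buffer instead of overrunning it. */
int hardened_fails_closed_on_small_buffer(void)
{
    char small[8];
    return escape_unsigned(small, sizeof small, SAMPLE_SUBJECT, SAMPLE_LEN) == (size_t)-1;
}

int main(void)
{
    printf("signed-char escaper would emit %zu bytes; buffer holds %zu\n",
           escape_len_signed_char(SAMPLE_SUBJECT, SAMPLE_LEN), sizeof g_out - 1);
    printf("hardened output: %s\n", escape_sample_unsigned());
    return 0;
}
```

The two things to check in any escaper of this shape are the same as here: every byte must go through `unsigned char` before it reaches a ctype macro or a `%X` conversion, and the buffer must be bounds-checked rather than trusted to a per-byte worst case computed once at allocation time.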

CVSS vector (v2)

AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3)

Debian (debian/fetchmail): < 6.3.13-2 (bookworm)
Debian (fetchmail/fetchmail): < 6.3.13-2
NVD (fetchmail/fetchmail): 6.3.11, 6.3.12, 6.3.13

Vulnerability Details (2)

GHSA, 2022-05-02: GHSA-7xwr-ggr5-9p9v: The sdump function in sdump...
OSV, 2010-02-08: CVE-2010-0562: The sdump function in sdump...

Vendor Advisories (1)

Debian, 2010: CVE-2010-0562: fetchmail - The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when runn...
CVE-2010-0562 — Debian Fetchmail vulnerability | cvebase