CVE-2011-1947: Fetchmail vulnerability

CWE-399 | 7 documents | 6 sources

Severity: 5.0 MEDIUM (NVD)
EPSS: 2.4% (top 14.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 2; latest update May 14

Description

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P (Exploitability: 10.0 | Impact: 2.9)

Affected Packages (3 packages)

- debian (debian/fetchmail): < fetchmail 6.3.22-1 (bookworm)
- Debian (fetchmail/fetchmail): < 6.3.22-1+2
- NVD (fetchmail/fetchmail): 38 versions

Vulnerability Details (2)

- GHSA: GHSA-xrcr-j9jp-xv96: fetchmail 5 (2022-05-14)
- OSV: CVE-2011-1947: fetchmail 5 (2011-06-02)

Vendor Advisories (2)

- Red Hat: fetchmail: Application hang due unguarded blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01) (2011-05-30)
- Debian: CVE-2011-1947: fetchmail - fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issui... (2011)

Community (2)

- Bugzilla: CVE-2011-1947 fetchmail: Application hang due unguarded blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01) (2011-05-31)
- Bugzilla: CVE-2011-1947 fetchmail: Application hang due unguarded blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01) [fedora-all] (2011-05-31)

Source: cvebase