CVE-2012-3482 Fetchmail vulnerability

7 documents, 6 sources
Severity
5.8 MEDIUM (NVD)
EPSS
0.7% (top 27.42%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 21
Latest update: May 17

Description

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
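As an added worked example (not fetchmail's code and not taken from any of the advisories on this page): a base64 decoder that is bounded by an explicit input length, and an NTLM Type 2 parser that checks the TargetName security buffer (length and offset) against the decoded message size before copying from it. Both failure modes in the description are exercised with constructed inputs: a server that aborts the exchange and sends only a stub reply, which must not be decoded past its end, and a Type 2 message whose TargetName buffer points outside the message. The Type 2 layout used is the standard one; the sample reply, the helper names and the choice to treat the target name as OEM bytes are assumptions made for this page.

```c
/* Added example (not fetchmail's code): a length-checked base64 decoder and an
 * NTLM Type 2 parser that validates the TargetName security buffer before
 * touching it. Sample reply and helper names are assumptions for this page. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static int b64_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode exactly in_len bytes of base64 into out. Returns the decoded length,
 * or -1 for an empty, truncated or otherwise malformed input. Every read is
 * bounded by in_len, so an aborted exchange yields an error, not an OOB read. */
long b64_decode(const char *in, size_t in_len, uint8_t *out, size_t out_cap) {
    if (in_len == 0 || in_len % 4 != 0) return -1;
    size_t n = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        int v[4], pad = 0;
        for (int k = 0; k < 4; k++) {
            char c = in[i + k];
            if (c == '=') {                /* padding: last quad, last two slots only */
                if (i + 4 != in_len || k < 2) return -1;
                v[k] = 0; pad++;
            } else {
                if (pad) return -1;        /* data after '=' */
                if ((v[k] = b64_val((unsigned char)c)) < 0) return -1;
            }
        }
        uint32_t t = (uint32_t)v[0] << 18 | (uint32_t)v[1] << 12 | (uint32_t)v[2] << 6 | (uint32_t)v[3];
        if (n + (3 - (size_t)pad) > out_cap) return -1;
        out[n++] = (uint8_t)(t >> 16);
        if (pad < 2) out[n++] = (uint8_t)(t >> 8);
        if (pad < 1) out[n++] = (uint8_t)t;
    }
    return (long)n;
}

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* NTLM Type 2: "NTLMSSP\0" | type=2 (u32) | TargetName {len u16, maxlen u16,
 * offset u32} | flags (u32) | 8-byte challenge | ... Copies the target name
 * (treated here as OEM bytes) into name. Returns its length, or -1 if the
 * message is too short or the security buffer points outside msg_len. */
long ntlm_type2_target_name(const uint8_t *msg, size_t msg_len, char *name, size_t name_cap) {
    if (msg_len < 32 || memcmp(msg, "NTLMSSP", 8) != 0 || le32(msg + 8) != 2) return -1;
    uint16_t len = le16(msg + 12);
    uint32_t off = le32(msg + 16);
    if (off > msg_len || len > msg_len - off) return -1;   /* overflow-safe bounds check */
    if ((size_t)len + 1 > name_cap) return -1;
    memcpy(name, msg + off, len);
    name[len] = '\0';
    return len;
}

/* Wire-level flow: base64 reply from the server -> bounded decode -> checked parse. */
long ntlm_parse_server_reply(const char *wire, char *name, size_t name_cap) {
    uint8_t msg[4096];
    long n = b64_decode(wire, strlen(wire), msg, sizeof msg);
    return n < 0 ? -1 : ntlm_type2_target_name(msg, (size_t)n, name, name_cap);
}

/* Constructed 40-byte Type 2 (target "EXAMPLE!" at offset 32), base64-encoded. */
const char *SAMPLE_TYPE2_B64 = "TlRMTVNTUAACAAAACAAIACAAAAACAgAAASNFZ4mrze9FWEFNUExFIQ==";
/* Constructed: only the 8-byte signature, i.e. a server that aborted the exchange. */
const char *ABORT_REPLY_B64 = "TlRMTVNTUAA=";

/* Take the sample, rewrite TargetName to {len=0xFFFF, offset=0x10000} and
 * confirm the parser refuses it instead of reading 64 KiB past the message. */
int crafted_target_name_rejected(void) {
    uint8_t msg[64]; char name[256];
    long n = b64_decode(SAMPLE_TYPE2_B64, strlen(SAMPLE_TYPE2_B64), msg, sizeof msg);
    if (n != 40) return 0;
    msg[12] = 0xFF; msg[13] = 0xFF;                                   /* len = 0xFFFF */
    msg[16] = 0x00; msg[17] = 0x00; msg[18] = 0x01; msg[19] = 0x00;   /* off = 0x10000 */
    return ntlm_type2_target_name(msg, (size_t)n, name, sizeof name) == -1;
}

int main(void) {
    char name[256];
    long r = ntlm_parse_server_reply(SAMPLE_TYPE2_B64, name, sizeof name);
    printf("valid reply: len=%ld name=%s\n", r, r < 0 ? "(rejected)" : name);
    printf("aborted reply: %ld\n", ntlm_parse_server_reply(ABORT_REPLY_B64, name, sizeof name));
    printf("crafted offset rejected: %d\n", crafted_target_name_rejected());
    return 0;
}
```

The two checks that matter are the ones a debug-mode dump of the server's reply would otherwise skip: the decoder never reads beyond the caller-supplied length, and the parser validates `offset` and `len` against the decoded size (with the subtraction ordered so it cannot wrap) before `memcpy`. Real Type 2 messages carry the target name as UTF-16LE when the Unicode flag is negotiated; the example treats it as raw bytes, which does not change the bounds logic.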

CVSS vector

AV:N/AC:M/Au:N/C:P/I:N/A:P (CVSS v2)
Exploitability: 8.6 | Impact: 4.9

Affected Packages (3 packages)

Debian (debian/fetchmail): < 6.3.22-1 (bookworm)
Debian (fetchmail/fetchmail): < 6.3.22-1+2
NVD (fetchmail/fetchmail): 79 versions

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-237f-j4ff-q54m: Fetchmail 5... (2022-05-17)
OSV: CVE-2012-3482: Fetchmail 5... (2012-12-21)

📋 Vendor Advisories (2)

Red Hat: fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the initial request (2012-08-13)
Debian: CVE-2012-3482: fetchmail - Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, al... (2012)

💬 Community (2)

Bugzilla: CVE-2012-3482 fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the initial request [fedora-all] (2012-08-14)
Bugzilla: CVE-2012-3482 fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the initial request (2012-08-14)
CVE-2012-3482 — Debian Fetchmail vulnerability | cvebase