FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- denial of service vulnerability

Affected packages
4.6.3 <= fetchmail <= 6.3.16

Details

VuXML ID 09910d76-4c82-11df-83fb-0015587e2cc1
Discovery 2010-04-18
Entry 2010-04-20

Fetchmail developer Matthias Andree reported a vulnerability that allows remote attackers to crash the application when it is runs in verbose mode.

Fetchmail before release 6.3.17 did not properly sanitize external input (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, this could cause memory exhaustion and thus a denial of service.

References

CVE Name CVE-2010-1167
FreeBSD PR ports/145857
URL http://gitorious.org/fetchmail/fetchmail/commit/ec06293
URL http://seclists.org/oss-sec/2010/q2/76