CVE-2010-0562

critical

Description

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
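The mechanism behind the description above, as an added illustration (this is not fetchmail's sdump.c, and the function names and the sample certificate subject are assumptions made for the example): an escaper budgets 4 output bytes ("\xHH") for every non-printable input byte, but the byte reaches the "%02X" format after being sign-extended through a signed char, so values 0x80..0xFF print as 8 hex digits ("\xFFFFFFC3", 10 bytes) and the heap buffer sized from the budget is overrun. The hardened variant keeps the byte unsigned all the way into the format call so budget and output agree. The sign extension is reproduced deterministically here, so the example behaves the same whether or not plain char is signed on the machine it runs on, and it never writes out of bounds.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Illustrative reconstruction of the bug class, NOT fetchmail's sdump.c.
 * escape_budget()          -> bytes the escaper reserves (1 printable, 4 "\xHH")
 * escape_emitted_signed()  -> bytes actually produced when each non-printable
 *                             byte is sign-extended before reaching "%02X"
 * escape_safe()            -> hardened escaper whose output matches the budget
 */

/* Bytes the escaper reserves: 1 per printable byte, 4 for "\xHH" otherwise. */
size_t escape_budget(const unsigned char *in, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += isprint(in[i]) ? 1 : 4;
    return total;
}

/* Bytes really emitted when the byte is converted through a signed char
 * before the format call. The cast chain below reproduces the sign extension
 * a signed-char platform performs, using only well-defined conversions and
 * snprintf(NULL, 0, ...) so nothing is written anywhere. */
size_t escape_emitted_signed(const unsigned char *in, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (isprint(in[i])) {
            total += 1;
        } else {
            signed char sc = (signed char)in[i];          /* 0xC3 -> -61        */
            unsigned int widened = (unsigned int)(int)sc; /* -61 -> 0xFFFFFFC3  */
            total += (size_t)snprintf(NULL, 0, "\\x%02X", widened); /* 10 bytes */
        }
    }
    return total;
}

/* Hardened escaper: the byte stays unsigned, so "%02X" is always exactly two
 * digits and the output fits the budget. Caller frees the result. */
char *escape_safe(const unsigned char *in, size_t n)
{
    size_t budget = escape_budget(in, n);
    char *out = malloc(budget + 1);
    if (out == NULL)
        return NULL;
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        if (isprint(in[i])) {
            out[pos++] = (char)in[i];
        } else {
            pos += (size_t)snprintf(out + pos, budget + 1 - pos,
                                    "\\x%02X", (unsigned int)in[i]);
        }
    }
    out[pos] = '\0';
    return out;
}

/* Constructed sample input (not a real certificate): a subject CN containing
 * UTF-8 "\xC3\xA9" (an e-acute), i.e. two non-printable bytes with the high bit set. */
static const unsigned char SAMPLE_CN[] = "CN=\xC3\xA9mail.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

int main(void)
{
    size_t budget  = escape_budget(SAMPLE_CN, SAMPLE_CN_LEN);
    size_t emitted = escape_emitted_signed(SAMPLE_CN, SAMPLE_CN_LEN);
    char *safe = escape_safe(SAMPLE_CN, SAMPLE_CN_LEN);

    printf("buffer sized for %zu bytes; signed-char path would write %zu (%zu past the end)\n",
           budget, emitted, emitted - budget);
    printf("hardened output: %s\n", safe ? safe : "(alloc failed)");
    free(safe);
    return 0;
}
```

For the constructed 17-byte input the escaper reserves 23 bytes, while the sign-extended path would write 35, twelve bytes past the end of the allocation, which is the heap overflow the description refers to. On platforms where plain char is unsigned the extension never happens and both paths agree, which is why the CVE is qualified to signed-char platforms.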

References

http://www.vupen.com/english/advisories/2010/0296

http://www.securitytracker.com/id?1023543

http://www.securityfocus.com/bid/38088

http://www.mandriva.com/security/advisories?name=MDVSA-2010:037

http://www.fetchmail.info/fetchmail-SA-2010-01.txt

http://secunia.com/advisories/38391

http://osvdb.org/62114

http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2010-01.txt

Details

Source: Mitre, NVD

Published: 2010-02-08

Updated: 2011-04-27

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical