CVE-2010-1167

High

Description

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

References

http://www.securityfocus.com/bid/39556

http://www.securityfocus.com/archive/1/511140/100/0/threaded

http://www.mandriva.com/security/advisories?name=MDVSA-2011:107

http://www.fetchmail.info/fetchmail-SA-2010-02.txt

http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512

Details

Source: Mitre, NVD

Published: 2010-05-07

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High