PT-2008-4156 · Fetchmail+1 · Fetchmail+1

Published: 2008-06-16 · Updated: 2021-08-09 · CVE-2008-2711

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: fetchmail versions 6.3.8 and earlier

Description: The issue allows remote attackers to cause a denial of service, resulting in a crash and persistent mail failure, by sending a malformed mail message with long headers. The long headers trigger an erroneous dereference when fetchmail uses vsnprintf to format log messages. The attack is possible only when fetchmail is running in verbose mode.

Recommendations: For fetchmail versions 6.3.8 and earlier, avoid running in verbose mode until a fix is available. Disabling verbose mode is a temporary workaround that minimizes the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-2711
RHSA-2009:1427
RHSA-2009_1427

Affected Products

Red Hat
Fetchmail