PT-2008-4156 · Fetchmail+1

Published

2008-06-16

·

Updated

2021-08-09

·

CVE-2008-2711

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

fetchmail versions 6.3.8 and earlier

Description

A remote attacker can crash fetchmail by sending a malformed mail message with over-long headers. The crash is only reachable when fetchmail runs in verbose mode (-v -v): in that mode the headers are written into log messages, and an erroneous dereference in the vsnprintf-based log formatting brings the process down. Because the triggering message is still waiting on the server, the next poll of that mailbox crashes the same way, which is what makes the mail failure persistent until the message is removed. Confidentiality and integrity are not affected (CVSS C:N/I:N/A:P); the impact is denial of service.

Recommendations

Upgrade to fetchmail 6.3.9 or later, the release that corrects this issue, or apply your distribution's update (Red Hat: RHSA-2009:1427). Until the update is in place, run fetchmail without the verbose option, since the vulnerable code path is only reached when verbose logging is enabled.
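The logging pattern behind this class of bug, as an added example that is neither fetchmail's code nor part of this advisory: a vsnprintf-based log-line builder that retries after truncation. All names (logbuf, grow, report_build, LOG_PREFIX, demo_long_header) are hypothetical, and the mechanism shown in the unsafe variant, reuse of one va_list across two vsnprintf calls, is our reading of the CVE's "erroneous dereference" and is stated as an assumption. The hardened variant formats from a va_copy each time and sizes the retry from vsnprintf's return value; the demo feeds it a constructed 8 KB header, the kind of over-long input the description says triggers the crash, and checks that the whole line was logged.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_PREFIX "reading message header "

/* Growable log-line buffer. Hypothetical names: this illustrates the
 * vsnprintf() retry pattern, it is not fetchmail's report.c. */
struct logbuf { char *data; size_t len, cap; };  /* len excludes the NUL */

static int grow(struct logbuf *lb, size_t extra)
{
    char *p = realloc(lb->data, lb->len + extra + 1);
    if (!p) return -1;
    lb->data = p;
    lb->cap  = lb->len + extra + 1;
    return 0;
}

/* Buggy shape (our reading of the CVE-2008-2711 mechanism, not a quote of
 * fetchmail's code): on truncation the buffer is grown and vsnprintf() is
 * called again with the SAME va_list. C99 lets a va_list be traversed once;
 * on x86-64 glibc, where it is an array passed by reference, the second call
 * resumes after the consumed arguments and dereferences garbage.
 * Kept for contrast only; nothing here calls it. */
int logbuf_vappend_unsafe(struct logbuf *lb, const char *fmt, va_list ap)
{
    int n = vsnprintf(lb->data + lb->len, lb->cap - lb->len, fmt, ap);
    if (n < 0) return -1;
    if ((size_t)n >= lb->cap - lb->len) {
        if (grow(lb, (size_t)n) < 0) return -1;
        n = vsnprintf(lb->data + lb->len, lb->cap - lb->len, fmt, ap); /* UB */
    }
    lb->len += (size_t)n;
    return n;
}

/* Hardened shape: each vsnprintf() call formats from its own va_copy(), so
 * the caller's va_list is never consumed twice, and the retry is sized to
 * the exact length the first call reported. */
int logbuf_vappend(struct logbuf *lb, const char *fmt, va_list ap)
{
    va_list aq;
    va_copy(aq, ap);
    int n = vsnprintf(lb->data + lb->len, lb->cap - lb->len, fmt, aq);
    va_end(aq);
    if (n < 0) return -1;
    if ((size_t)n >= lb->cap - lb->len) {
        if (grow(lb, (size_t)n) < 0) return -1;
        va_copy(aq, ap);
        n = vsnprintf(lb->data + lb->len, lb->cap - lb->len, fmt, aq);
        va_end(aq);
        if (n < 0) return -1;
    }
    lb->len += (size_t)n;
    return n;
}

/* printf-style front end, the role a logging entry point plays. */
int report_build(struct logbuf *lb, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = logbuf_vappend(lb, fmt, ap);
    va_end(ap);
    return n;
}

/* Logs a constructed over-long header (header_len bytes of 'A', a stand-in
 * for a malformed message header) through a 64-byte starting buffer, so the
 * first vsnprintf() truncates and the retry path runs. Returns the finished
 * line length, or (size_t)-1 if the result is not exactly prefix + header. */
size_t demo_long_header(size_t header_len)
{
    struct logbuf lb = { malloc(64), 0, 64 };
    size_t out = (size_t)-1;
    char *hdr = malloc(header_len + 1);
    if (hdr) {
        memset(hdr, 'A', header_len);
        hdr[header_len] = '\0';
        if (lb.data
            && report_build(&lb, LOG_PREFIX "%s", hdr) >= 0
            && strlen(lb.data) == lb.len
            && strncmp(lb.data, LOG_PREFIX, strlen(LOG_PREFIX)) == 0
            && strcmp(lb.data + strlen(LOG_PREFIX), hdr) == 0)
            out = lb.len;
    }
    free(lb.data);
    free(hdr);
    return out;
}

int main(void)
{
    size_t n = demo_long_header(8192);
    printf("logged %zu bytes, no truncation, no crash\n", n);
    return n == (size_t)-1;
}
```

The fix is not the growth itself, which the buggy variant also does, but never touching the caller's va_list twice. Anything that formats attacker-controlled strings into a bounded buffer and retries on truncation should be checked for the same mistake.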

Fix

DoS


Related Identifiers

CVE-2008-2711
RHSA-2009:1427

Affected Products

Red Hat
Fetchmail