Vulnerability Description
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fetchmail | Fetchmail | <= 6.3.9 |
Related Weaknesses (CWE)
References
- http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512
- http://www.fetchmail.info/fetchmail-SA-2010-02.txt (Patch)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
- http://www.securityfocus.com/archive/1/511140/100/0/threaded
- http://www.securityfocus.com/bid/39556
FAQ
What is CVE-2010-1167?
CVE-2010-1167 is a vulnerability with a CVSS score of 4.3 (MEDIUM). fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory ...
How severe is CVE-2010-1167?
CVE-2010-1167 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-1167?
Check the references section above for vendor advisories and patch information. Affected products include: Fetchmail Fetchmail.