diff options
| -rw-r--r-- | NEWS | 13 | ||||
| -rw-r--r-- | fetchmail-SA-2010-02.txt | 4 |
2 files changed, 9 insertions, 8 deletions
@@ -55,12 +55,13 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.17 (not yet released): # SECURITY FIX -* Fetchmail before release 6.3.17 did not properly sanitize external input - (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, - this could cause memory exhaustion and thus a denial of service, because - fetchmail's report.c functions assumed that non-success of [v]snprintf was - due to insufficient buffer size allocation. It would then repeatedly reallocate - a larger buffer and fail formatting again. See fetchmail-SA-2010-02.txt. +* CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize + external input (mail headers and UID). When a multi-character locale (such as + UTF-8) was in use, this could cause memory exhaustion and thus a denial of + service, because fetchmail's report.c functions assumed that non-success of + [v]snprintf was due to insufficient buffer size allocation. It would then + repeatedly reallocate a larger buffer and fail formatting again. + See fetchmail-SA-2010-02.txt. # FEATURES * Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle" diff --git a/fetchmail-SA-2010-02.txt b/fetchmail-SA-2010-02.txt index ff350b7a..350e769c 100644 --- a/fetchmail-SA-2010-02.txt +++ b/fetchmail-SA-2010-02.txt @@ -7,11 +7,11 @@ Topics: Denial of service in debug output. Author: Matthias Andree Version: 0.1 XXX Announced: XXX -Type: malloc() Buffer overrun with printable characters +Type: Unbounded allocation of memory until exhaustion. Impact: Denial of service. Danger: low -CVE Name: CVE-2010-XXXX +CVE Name: CVE-2010-1167 CVSSv2: XXX URL: http://www.fetchmail.info/fetchmail-SA-2010-02.txt Project URL: http://www.fetchmail.info/ |