FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

newsfetch -- server response buffer overflow vulnerability

Affected packages
newsfetch <= 1.21_1

Details

VuXML ID 76e0b133-6bfd-11d9-a5df-00065be4b5b6
Discovery 2005-01-18
Entry 2005-02-01

The newsfetch program uses the sscanf function to read information from server responses into static memory buffers, without any bounds checking. As a result, a long server response may overflow these buffers when a newsgroup listing is requested from an NNTP server.
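A bounded way to parse one line of a newsgroup listing, as an added example (not newsfetch's code and not the fix applied to the port). It assumes the "group last first flag" line layout of the NNTP LIST response; the buffer size, struct and function names are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GROUP_MAX 128 /* assumed size; newsfetch's real buffer sizes are not on the page */

struct group_entry {
    char name[GROUP_MAX];
    unsigned long last, first;
    char flag;
};

/* Unbounded form of the kind the advisory describes (illustrative only):
 *     sscanf(line, "%s", name);   // copies until whitespace, any length */

/* Read " <digits>" at *p and advance *p past it; -1 on bad input. */
static int read_number(const char **p, unsigned long *out)
{
    char *end;
    if (**p != ' ' || !isdigit((unsigned char)(*p)[1]))
        return -1;
    errno = 0;
    *out = strtoul(*p + 1, &end, 10);
    if (errno == ERANGE)
        return -1;
    *p = end;
    return 0;
}

/* Parse "group last first flag". Returns 0 on success, or -1 when the
 * line is malformed or a field does not fit its destination. */
int parse_group_line(const char *line, struct group_entry *out)
{
    int used = 0;
    const char *p;
    /* Width 127 = GROUP_MAX - 1 leaves room for the NUL terminator. */
    if (sscanf(line, "%127[^ \t\r\n]%n", out->name, &used) != 1)
        return -1;
    p = line + used;
    /* An over-long name stops mid-token, so no space follows: reject it
     * rather than let the remainder be parsed as the next field. */
    if (read_number(&p, &out->last) != 0 || read_number(&p, &out->first) != 0)
        return -1;
    if (p[0] != ' ' || p[1] == '\0' || isspace((unsigned char)p[1]))
        return -1;
    out->flag = p[1];
    /* Only the line terminator may follow the flag. */
    return p[2 + strspn(p + 2, "\r\n")] == '\0' ? 0 : -1;
}
```

The field width alone stops the overflow; the delimiter check after it is what turns a truncated field into a rejected line instead of a silently mis-parsed one.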

References

CVE Name CVE-2005-0132
URL http://people.freebsd.org/~niels/issues/newsfetch-20050119.txt