FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- denial-of-service vulnerability

Affected packages
fetchmail < 6.2.5

Details

VuXML ID ac4b9d18-67a9-11d8-80e3-0020ed76ef5a
Discovery 2003-10-16
Entry 2004-02-25
Modified 2012-09-04

Dave Jones discovered a denial-of-service vulnerability in fetchmail. An email message containing a very long line could cause fetchmail to segfault due to missing NUL termination in transact.c.

Eric Raymond decided not to mention this issue in the release notes for fetchmail 6.2.5, but it was fixed there.

References

Bugtraq ID 8843
CVE Name CVE-2003-0792
URL http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/fetchmail/patches/Attic/patch-rfc822_c?rev=1.1
URL http://xforce.iss.net/xforce/xfdb/13450