FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- null pointer dereference in multidrop mode with headerless email

Affected packages
fetchmail < 6.3.1


VuXML ID f7eb0b23-7099-11da-a15c-0060084a00e5
Discovery 2005-12-19
Entry 2005-12-19

The fetchmail team reports:

Fetchmail contains a bug that causes an application crash when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers. As fetchmail does not record this message as "previously fetched", it will crash with the same message if it is re-executed, so it cannot make progress. A malicious or broken-into upstream server could thus cause a denial of service in fetchmail clients.


CVE Name CVE-2005-4348