FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- 6.4.19 and older denial of service or information disclosure

Affected packages
fetchmail < 6.3.9
6.3.17 <= fetchmail < 6.4.20

Details

VuXML ID: cbfd1874-efea-11eb-8fe9-036bd763ff35
Discovery: 2021-07-07
Entry: 2021-07-28
Modified: 2021-08-03

Matthias Andree reports:

When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation.

References

CVE Name: CVE-2008-2711
CVE Name: CVE-2021-36386
URL: https://sourceforge.net/p/fetchmail/mailman/message/37327392/