FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- crash when bouncing a message

Affected packages
6.3.0 <= fetchmail < 6.3.2

Details

VuXML ID f11d3b22-88c6-11da-a7b2-0060084a00e5
Discovery 2006-01-22
Entry 2006-01-23

Matthias Andree reports:

Fetchmail contains a bug that causes itself to crash when bouncing a message to the originator or to the local postmaster. The crash happens after the bounce message has been sent, when fetchmail tries to free the dynamic array of failed addresses, and calls the free() function with an invalid pointer.

References

CVE Name CVE-2006-0321
URL http://bugs.debian.org/348747
URL http://www.fetchmail.info/fetchmail-SA-2006-01.txt