CVE-2010-1167

EUVD-2010-1197
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
fetchmailfetchmail
𝑥
≤ 6.3.9
fetchmailfetchmail
4.6.3
fetchmailfetchmail
4.6.4
fetchmailfetchmail
4.6.5
fetchmailfetchmail
4.6.6
fetchmailfetchmail
4.6.7
fetchmailfetchmail
4.6.8
fetchmailfetchmail
4.6.9
fetchmailfetchmail
4.7.0
fetchmailfetchmail
4.7.1
fetchmailfetchmail
4.7.2
fetchmailfetchmail
4.7.3
fetchmailfetchmail
4.7.4
fetchmailfetchmail
4.7.5
fetchmailfetchmail
4.7.6
fetchmailfetchmail
4.7.7
fetchmailfetchmail
5.0.0
fetchmailfetchmail
5.0.1
fetchmailfetchmail
5.0.2
fetchmailfetchmail
5.0.3
fetchmailfetchmail
5.0.4
fetchmailfetchmail
5.0.5
fetchmailfetchmail
5.0.6
fetchmailfetchmail
5.0.7
fetchmailfetchmail
5.0.8
fetchmailfetchmail
5.1.0
fetchmailfetchmail
5.1.4
fetchmailfetchmail
5.2.0
fetchmailfetchmail
5.2.1
fetchmailfetchmail
5.2.3
fetchmailfetchmail
5.2.4
fetchmailfetchmail
5.2.7
fetchmailfetchmail
5.2.8
fetchmailfetchmail
5.3.0
fetchmailfetchmail
5.3.1
fetchmailfetchmail
5.3.3
fetchmailfetchmail
5.3.8
fetchmailfetchmail
5.4.0
fetchmailfetchmail
5.4.3
fetchmailfetchmail
5.4.4
fetchmailfetchmail
5.4.5
fetchmailfetchmail
5.5.0
fetchmailfetchmail
5.5.2
fetchmailfetchmail
5.5.3
fetchmailfetchmail
5.5.5
fetchmailfetchmail
5.5.6
fetchmailfetchmail
5.6.0
fetchmailfetchmail
5.7.0
fetchmailfetchmail
5.7.2
fetchmailfetchmail
5.7.4
fetchmailfetchmail
5.8
fetchmailfetchmail
5.8.1
fetchmailfetchmail
5.8.2
fetchmailfetchmail
5.8.3
fetchmailfetchmail
5.8.4
fetchmailfetchmail
5.8.5
fetchmailfetchmail
5.8.6
fetchmailfetchmail
5.8.11
fetchmailfetchmail
5.8.13
fetchmailfetchmail
5.8.14
fetchmailfetchmail
5.8.17
fetchmailfetchmail
5.9.0
fetchmailfetchmail
5.9.4
fetchmailfetchmail
5.9.5
fetchmailfetchmail
5.9.8
fetchmailfetchmail
5.9.10
fetchmailfetchmail
5.9.11
fetchmailfetchmail
5.9.13
fetchmailfetchmail
6.0.0
fetchmailfetchmail
6.1.0
fetchmailfetchmail
6.1.3
fetchmailfetchmail
6.2.0
fetchmailfetchmail
6.2.1
fetchmailfetchmail
6.2.2
fetchmailfetchmail
6.2.3
fetchmailfetchmail
6.2.4
fetchmailfetchmail
6.2.5
fetchmailfetchmail
6.2.5.1
fetchmailfetchmail
6.2.5.2
fetchmailfetchmail
6.2.5.4
fetchmailfetchmail
6.2.6:pre4
fetchmailfetchmail
6.2.6:pre8
fetchmailfetchmail
6.2.6:pre9
fetchmailfetchmail
6.2.9:rc10
fetchmailfetchmail
6.2.9:rc3
fetchmailfetchmail
6.2.9:rc4
fetchmailfetchmail
6.2.9:rc5
fetchmailfetchmail
6.2.9:rc7
fetchmailfetchmail
6.2.9:rc8
fetchmailfetchmail
6.2.9:rc9
fetchmailfetchmail
6.3.0
fetchmailfetchmail
6.3.1
fetchmailfetchmail
6.3.2
fetchmailfetchmail
6.3.3
fetchmailfetchmail
6.3.4
fetchmailfetchmail
6.3.5
fetchmailfetchmail
6.3.6
fetchmailfetchmail
6.3.6:rc1
fetchmailfetchmail
6.3.6:rc2
fetchmailfetchmail
6.3.6:rc3
fetchmailfetchmail
6.3.6:rc4
fetchmailfetchmail
6.3.6:rc5
fetchmailfetchmail
6.3.7
fetchmailfetchmail
6.3.8
fetchmailfetchmail
6.3.9
fetchmailfetchmail
6.3.10
fetchmailfetchmail
6.3.11
fetchmailfetchmail
6.3.12
fetchmailfetchmail
6.3.13
fetchmailfetchmail
6.3.14
fetchmailfetchmail
6.3.15
fetchmailfetchmail
6.3.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fetchmail
bookworm
6.4.37-1
fixed
bullseye
6.4.16-4+deb11u1
fixed
lenny
no-dsa
sid
6.4.39-1
fixed
trixie
6.4.39-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fetchmail
dapper
ignored
hardy
ignored
jaunty
ignored
karmic
ignored
lucid
ignored
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
trusty
dne
utopic
not-affected
vivid
not-affected
Common Weakness Enumeration
References
http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512
http://www.fetchmail.info/fetchmail-SA-2010-02.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
http://www.securityfocus.com/archive/1/511140/100/0/threaded
http://www.securityfocus.com/bid/39556
http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512
http://www.fetchmail.info/fetchmail-SA-2010-02.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
http://www.securityfocus.com/archive/1/511140/100/0/threaded
http://www.securityfocus.com/bid/39556