CVE-2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
fetchmailfetchmail
𝑥
≤ 6.3.9
fetchmailfetchmail
4.6.3
fetchmailfetchmail
4.6.4
fetchmailfetchmail
4.6.5
fetchmailfetchmail
4.6.6
fetchmailfetchmail
4.6.7
fetchmailfetchmail
4.6.8
fetchmailfetchmail
4.6.9
fetchmailfetchmail
4.7.0
fetchmailfetchmail
4.7.1
fetchmailfetchmail
4.7.2
fetchmailfetchmail
4.7.3
fetchmailfetchmail
4.7.4
fetchmailfetchmail
4.7.5
fetchmailfetchmail
4.7.6
fetchmailfetchmail
4.7.7
fetchmailfetchmail
5.0.0
fetchmailfetchmail
5.0.1
fetchmailfetchmail
5.0.2
fetchmailfetchmail
5.0.3
fetchmailfetchmail
5.0.4
fetchmailfetchmail
5.0.5
fetchmailfetchmail
5.0.6
fetchmailfetchmail
5.0.7
fetchmailfetchmail
5.0.8
fetchmailfetchmail
5.1.0
fetchmailfetchmail
5.1.4
fetchmailfetchmail
5.2.0
fetchmailfetchmail
5.2.1
fetchmailfetchmail
5.2.3
fetchmailfetchmail
5.2.4
fetchmailfetchmail
5.2.7
fetchmailfetchmail
5.2.8
fetchmailfetchmail
5.3.0
fetchmailfetchmail
5.3.1
fetchmailfetchmail
5.3.3
fetchmailfetchmail
5.3.8
fetchmailfetchmail
5.4.0
fetchmailfetchmail
5.4.3
fetchmailfetchmail
5.4.4
fetchmailfetchmail
5.4.5
fetchmailfetchmail
5.5.0
fetchmailfetchmail
5.5.2
fetchmailfetchmail
5.5.3
fetchmailfetchmail
5.5.5
fetchmailfetchmail
5.5.6
fetchmailfetchmail
5.6.0
fetchmailfetchmail
5.7.0
fetchmailfetchmail
5.7.2
fetchmailfetchmail
5.7.4
fetchmailfetchmail
5.8
fetchmailfetchmail
5.8.1
fetchmailfetchmail
5.8.2
fetchmailfetchmail
5.8.3
fetchmailfetchmail
5.8.4
fetchmailfetchmail
5.8.5
fetchmailfetchmail
5.8.6
fetchmailfetchmail
5.8.11
fetchmailfetchmail
5.8.13
fetchmailfetchmail
5.8.14
fetchmailfetchmail
5.8.17
fetchmailfetchmail
5.9.0
fetchmailfetchmail
5.9.4
fetchmailfetchmail
5.9.5
fetchmailfetchmail
5.9.8
fetchmailfetchmail
5.9.10
fetchmailfetchmail
5.9.11
fetchmailfetchmail
5.9.13
fetchmailfetchmail
6.0.0
fetchmailfetchmail
6.1.0
fetchmailfetchmail
6.1.3
fetchmailfetchmail
6.2.0
fetchmailfetchmail
6.2.1
fetchmailfetchmail
6.2.2
fetchmailfetchmail
6.2.3
fetchmailfetchmail
6.2.4
fetchmailfetchmail
6.2.5
fetchmailfetchmail
6.2.5.1
fetchmailfetchmail
6.2.5.2
fetchmailfetchmail
6.2.5.4
fetchmailfetchmail
6.2.6:pre4
fetchmailfetchmail
6.2.6:pre8
fetchmailfetchmail
6.2.6:pre9
fetchmailfetchmail
6.2.9:rc10
fetchmailfetchmail
6.2.9:rc3
fetchmailfetchmail
6.2.9:rc4
fetchmailfetchmail
6.2.9:rc5
fetchmailfetchmail
6.2.9:rc7
fetchmailfetchmail
6.2.9:rc8
fetchmailfetchmail
6.2.9:rc9
fetchmailfetchmail
6.3.0
fetchmailfetchmail
6.3.1
fetchmailfetchmail
6.3.2
fetchmailfetchmail
6.3.3
fetchmailfetchmail
6.3.4
fetchmailfetchmail
6.3.5
fetchmailfetchmail
6.3.6
fetchmailfetchmail
6.3.6:rc1
fetchmailfetchmail
6.3.6:rc2
fetchmailfetchmail
6.3.6:rc3
fetchmailfetchmail
6.3.6:rc4
fetchmailfetchmail
6.3.6:rc5
fetchmailfetchmail
6.3.7
fetchmailfetchmail
6.3.8
fetchmailfetchmail
6.3.9
fetchmailfetchmail
6.3.10
fetchmailfetchmail
6.3.11
fetchmailfetchmail
6.3.12
fetchmailfetchmail
6.3.13
fetchmailfetchmail
6.3.14
fetchmailfetchmail
6.3.15
fetchmailfetchmail
6.3.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fetchmail
bullseye
6.4.16-4+deb11u1
fixed
lenny
no-dsa
bookworm
6.4.37-1
fixed
sid
6.4.39-1
fixed
trixie
6.4.39-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fetchmail
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512
http://www.fetchmail.info/fetchmail-SA-2010-02.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
http://www.securityfocus.com/archive/1/511140/100/0/threaded
http://www.securityfocus.com/bid/39556
http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512
http://www.fetchmail.info/fetchmail-SA-2010-02.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
http://www.securityfocus.com/archive/1/511140/100/0/threaded
http://www.securityfocus.com/bid/39556