CVE-2008-2711

Priority
Description
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode,
allows remote attackers to cause a denial of service (crash and persistent
mail failure) via a malformed mail message with long headers, which
triggers an erroneous dereference when using vsnprintf to format log
messages.
Notes
 jdstrand> per Debian, http://www.openwall.com/lists/oss-security/2008/06/13/1, -vv is only used for debugging purposes so this does not prevent a victim from getting mails. -vv is not used in non-interactive use.
Package
Upstream:needs-triage
Patches:
Debdiff:https://bugs.launchpad.net/bugs/240549
Debdiff:http://launchpad.net/bugs/240549
More Information

Updated: 2019-01-14 21:45:31 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)