QwikSec

Security Database

CVE

CWE

Training

CVE-2021-36386

Published: Jul 29, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.fetchmail.info/security.html

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2021/07/28/5

x_refsource_MISC

https://www.fetchmail.info/fetchmail-SA-2021-01.txt

x_refsource_CONFIRM

[oss-security] 20210809 fetchmail 6.4.21 released/regression fix for 6.4.20's security fix, and UPDATE: fetchmail <= 6.4.19 security announcement 2021-01 (CVE-2021-36386)

mailing-list

x_refsource_MLIST

FEDORA-2021-47893f53ed

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-b904d99ce5

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.