CVE-2010-1167

fetchmail 4.6.3-6.3.16 - Denial of Service via Invalid Multi-Character Locale Handling

Title source: llm
STIX 2.1

Description

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39556
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511140/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:107

Scores

EPSS 0.0220
EPSS Percentile 80.4%

Details

CWE
CWE-20
Status published
Products (50)
fetchmail/fetchmail 4.6.3
fetchmail/fetchmail 4.6.4
fetchmail/fetchmail 4.6.5
fetchmail/fetchmail 4.6.6
fetchmail/fetchmail 4.6.7
fetchmail/fetchmail 4.6.8
fetchmail/fetchmail 4.6.9
fetchmail/fetchmail 4.7.0
fetchmail/fetchmail 4.7.1
fetchmail/fetchmail 4.7.2
... and 40 more
Published May 07, 2010
Tracked Since Feb 18, 2026