CVE-2010-1167
fetchmail 4.6.3-6.3.16 - Denial of Service via Invalid Multi-Character Locale Handling
Title source: llmDescription
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39556
Patch x_refsource_confirm
http://www.fetchmail.info/fetchmail-SA-2010-02.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511140/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
Various Sources x_refsource_confirm
http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17512
Scores
EPSS
0.0220
EPSS Percentile
80.4%
Details
CWE
CWE-20
Status
published
Products (50)
fetchmail/fetchmail
4.6.3
fetchmail/fetchmail
4.6.4
fetchmail/fetchmail
4.6.5
fetchmail/fetchmail
4.6.6
fetchmail/fetchmail
4.6.7
fetchmail/fetchmail
4.6.8
fetchmail/fetchmail
4.6.9
fetchmail/fetchmail
4.7.0
fetchmail/fetchmail
4.7.1
fetchmail/fetchmail
4.7.2
... and 40 more
Published
May 07, 2010
Tracked Since
Feb 18, 2026