CVE-2010-0562
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
La función sdump en sdum.c en fetchmail v6.3.11, v6.3.12 y v6.3.13, cuando está ejecutado en modo verbose sobre plataformas para las que los caracteres van firmados, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de un certificado X.509 que contiene caracteres no imprimibles con el bit más alto asignado, lo que provoca un desbordamiento de búfer basado en memoria dinámica (heap) durante el escape.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-02-08 CVE Reserved
- 2010-02-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2010-01.txt | X_refsource_confirm | |
| http://osvdb.org/62114 | Vdb Entry | |
| http://www.securityfocus.com/bid/38088 | Vdb Entry | |
| http://www.securitytracker.com/id?1023543 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/38391 | 2011-04-27 | |
| http://www.fetchmail.info/fetchmail-SA-2010-01.txt | 2011-04-27 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:037 | 2011-04-27 | |
| http://www.vupen.com/english/advisories/2010/0296 | 2011-04-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fetchmail Search vendor "Fetchmail" | Fetchmail Search vendor "Fetchmail" for product "Fetchmail" | 6.3.11 Search vendor "Fetchmail" for product "Fetchmail" and version "6.3.11" | - |
Affected
| ||||||
| Fetchmail Search vendor "Fetchmail" | Fetchmail Search vendor "Fetchmail" for product "Fetchmail" | 6.3.12 Search vendor "Fetchmail" for product "Fetchmail" and version "6.3.12" | - |
Affected
| ||||||
| Fetchmail Search vendor "Fetchmail" | Fetchmail Search vendor "Fetchmail" for product "Fetchmail" | 6.3.13 Search vendor "Fetchmail" for product "Fetchmail" and version "6.3.13" | - |
Affected
| ||||||