fetchmail
Page content
- Author: Miklos Vajna
- Vulnerable: 6.3.13-1
- Unaffected: 6.3.16-1locris1
Fetchmail did not properly sanitize external input (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, this could cause memory exhaustion and thus a denial of service, because fetchmail’s report.c functions assumed that non-success of [v]snprintf was due to insufficient buffer size allocation. It would then repeatedly reallocate a larger buffer and fail formatting again.
- Bug Tracker URL: http://bugs.frugalware.org/task/4195