CVE-2002-1174
fetchmail - buffer overflows
EPSS 4.3%
Description
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) long Received: headers, which are not properly parsed by the parse_received function.
How to fix CVE-2002-1174
To remediate CVE-2002-1174, upgrade the affected package to one of the fixed versions listed below.
- Debian/fetchmail—upgrade to 6.1.0-1 or later
- Debian/fetchmail—upgrade to 5.9.11-6.1 or later
- —upgrade to 5.9.11-6.1 or later
Is CVE-2002-1174 being exploited?
Low — EPSS is 4.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 6.1.0-1
- from 0, < 5.9.11-6.1
- from 0, < 5.9.11-6.1