CVE-2002-1365
fetchmail - buffer overflow
EPSS 4.8%
Description
Fetchmail 6.1.3 and earlier contains a heap-based buffer overflow: it does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
How to fix CVE-2002-1365
To remediate CVE-2002-1365, upgrade the affected package to one of the fixed versions listed below.
- Debian/fetchmail: upgrade to 6.2.0-1 or later
- Debian/fetchmail: upgrade to 5.9.11-6.2 or later
Is CVE-2002-1365 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 6.2.0-1
- from 0, < 5.9.11-6.2