CVE-2005-2335
fetchmail - buffer overflow
EPSS 6.4%
Description
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
How to fix CVE-2005-2335
To remediate CVE-2005-2335, upgrade the affected package to a fixed version below.
- Debian/fetchmail—upgrade to 6.2.5-16 or later
- Debian/fetchmail—upgrade to 6.2.5-12sarge1 or later
Is CVE-2005-2335 being exploited?
Moderate — EPSS is 6.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 6.2.5-16
- from 0, < 6.2.5-12sarge1