CVE-2008-2711

Description

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

How to fix CVE-2008-2711

To remediate CVE-2008-2711, upgrade the affected package to a fixed version below.

• Debian/fetchmail—upgrade to 6.3.9~rc2-1 or later

Is CVE-2008-2711 being exploited?

Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 6.3.9~rc2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-2711