CVE-2021-36386

Published: 30 July 2021

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: fetchmail (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (6.4.16-4)
Ubuntu 21.10 (Impish Indri): Not vulnerable (6.4.16-5)
Ubuntu 21.04 (Hirsute Hippo): Ignored (reached end-of-life)
Ubuntu 20.04 LTS (Focal Fossa): Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Needs triage
Ubuntu 16.04 ESM (Xenial Xerus): Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5
Upstream: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c