CVE-2005-2335
Severity CVSS v4.0: Pending analysis
Type: CWE-119 Buffer Errors
Publication date: 27/07/2005
Last modified: 03/04/2025
Description
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:fetchmail:fetchmail:*:*:*:*:*:*:*:* | | 6.2.5.1 (including) |
| cpe:2.3:a:fetchmail:fetchmail:4.5.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.5.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.5.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.5.4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.5.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.5.6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.5.8:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.6.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.6.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.6.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.6.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.6.4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:fetchmail:fetchmail:4.6.5:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://developer.berlios.de/project/shownotes.php?release_id=6617
- http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
- http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
- http://secunia.com/advisories/16176
- http://secunia.com/advisories/21253
- http://www.debian.org/security/2005/dsa-774
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.osvdb.org/18174
- http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html
- http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html
- http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html
- http://www.redhat.com/support/errata/RHSA-2005-640.html
- http://www.securityfocus.com/archive/1/435197/100/0/threaded
- http://www.securityfocus.com/archive/1/441856/100/200/threaded
- http://www.securityfocus.com/bid/14349
- http://www.securityfocus.com/bid/19289
- http://www.us-cert.gov/cas/techalerts/TA06-214A.html
- http://www.vupen.com/english/advisories/2005/1171
- http://www.vupen.com/english/advisories/2006/3101
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1038
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1124
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8833



