---

CVE-2021-36386 - log back

CVE-2021-36386 edited at 30 Jul 2021 09:01:47

Description

- A security issue has been found in fetchmail before version 6.4.20. Missing variable initialization can cause reads from bad memory locations when logging long messages. This leads to fetchmail logging random information (and possible information disclosure), or segfaults and aborts, stalling inbound mail. + report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

CVE-2021-36386 edited at 28 Jul 2021 21:44:31
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ A security issue has been found in fetchmail before version 6.4.20. Missing variable initialization can cause reads from bad memory locations when logging long messages. This leads to fetchmail logging random information (and possible information disclosure), or segfaults and aborts, stalling inbound mail.
References	+ https://www.fetchmail.info/fetchmail-SA-2021-01.txt + https://sourceforge.net/p/fetchmail/git/ci/c546c8299243a10a7b85c638e0e61396ecd5d8b5/
Notes

CVE-2021-36386 created at 28 Jul 2021 21:38:50