CVE-2021-36386 — Vulnetix

CVE-2021-36386 PUBLISHED

Es existiert eine Schwachstelle in fetchmail. Der Fehler tritt bei der Verarbeitung von langen Log-Daten auf. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.

EPSS 0.26% · 49.6th percentile

Risk Scores

EPSS Score

0.26%

49.6th percentile

Affected Products

Vendor	Product	Versions
SUSE	SUSE Linux
Red Hat	Red Hat Enterprise Linux
Open Source	Open Source fetchmail <6.4.20
Gentoo	Gentoo Linux

Exploit Intelligence

https://www.fetchmail.info/security.html (circl)
http://www.openwall.com/lists/oss-security/2021/07/28/5 (circl)
https://www.fetchmail.info/fetchmail-SA-2021-01.txt (circl)
[oss-security] 20210809 fetchmail 6.4.21 released/regression fix for 6.4.20's security fix, and UPDATE: fetchmail <= 6.4.19 security announcement 2021-01 (CVE-2021-36386) (circl)
FEDORA-2021-47893f53ed (circl)
FEDORA-2021-b904d99ce5 (circl)
GLSA-202209-14 (circl)

Timeline

Jul 28, 2021 CVE Published
Jul 30, 2021 EPSS Score
Aug 12, 2021 EPSS Score
Nov 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 23, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 22, 2022 EPSS Score
Jul 21, 2022 EPSS Score
Sep 18, 2022 EPSS Score
Jan 14, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1525.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1525 advisory
https://www.fetchmail.info/fetchmail-SA-2021-01.txt advisory
https://lists.suse.com/pipermail/sle-security-updates/2021-August/009308.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2021-August/009317.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2021-December/009892.html advisory
https://access.redhat.com/errata/RHSA-2022:1964 advisory
https://security.gentoo.org/glsa/202209-14 advisory
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019307.html advisory

Open in Interactive Console →