CVE-2002-1365

EPSS 4.8%

fetchmail - buffer overflow

Published: 12/23/2002Modified: 4/28/2026

Description

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.

Affected packages (2)

Debian/fetchmailfrom 0, < 6.2.0-1
Debian/fetchmailfrom 0, < 5.9.11-6.2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2002-1365