CVE-2012-3482

Public on 2012-10-08
Modified on 2014-09-14
Description
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
Severity
Low severity
Low
CVSS v3 Base Score
5.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 fetchmail 2012-10-08 ALAS-2012-132 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv2 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P