ubuntu · CVE-2012-3482

Quick triage

Priority: low Published: 2012-12-21 05:46:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-3482 low priority: Ubuntu including 1 source packages (fetchmail), 26 status rows across 26 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hardy, hirsute, impish, jammy, lucid, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 18, not-affected 6, DNE 1, released 1.

Description:

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

cvelogic Threat Intelligence