FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- denial of service/crash from malicious POP3 server

Affected packages
fetchmail =


VuXML ID 3f4ac724-fa8b-11d9-afcf-0060084a00e5
Discovery 2005-07-21
Entry 2005-07-22

In fetchmail, the remote code injection via POP3 UIDL was fixed, but a denial of service attack was introduced:

Two possible NULL-pointer dereferences allow a malicious POP3 server to crash fetchmail by responding with UID lines containing only the article number but no UID (in violation of RFC-1939), or a message without Message-ID when no UIDL support is available.
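The first case above, as an added example that is not fetchmail's code: a C parser for one server-supplied UIDL listing line that rejects a line carrying only the message number, so later code never receives a missing UID. The function name, return convention and sample lines are assumptions constructed for illustration; the Message-ID case is not covered.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UID_MAX 70 /* RFC 1939: unique-id is 1..70 chars in 0x21..0x7E */

/* Parse one UIDL listing line, "<msg-number> <unique-id>".
 * Returns 0 and fills *num and uid on success, -1 on a malformed line.
 * The line is server-controlled, so no field is used before it is checked;
 * in particular the UID is never assumed to be present. */
int parse_uidl_line(const char *line, unsigned long *num, char uid[UID_MAX + 1])
{
    char *end;
    size_t len, i;

    if (line == NULL || *line < '0' || *line > '9')
        return -1;
    errno = 0;
    *num = strtoul(line, &end, 10);
    if (errno == ERANGE || *num == 0 || *end != ' ')
        return -1;                 /* e.g. "2": number but no UID */
    while (*end == ' ')
        end++;
    len = strcspn(end, "\r\n");
    if (len == 0 || len > UID_MAX)
        return -1;                 /* e.g. "3 ": separator, empty UID */
    for (i = 0; i < len; i++)
        if (end[i] < 0x21 || end[i] > 0x7E)
            return -1;             /* spaces/control bytes not allowed */
    memcpy(uid, end, len);
    uid[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real server. */
    const char *lines[] = { "1 whqtswO00WBw418f9t5JxYwZ\r\n", "2\r\n", "3 \r\n" };
    char uid[UID_MAX + 1];
    unsigned long n;

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_uidl_line(lines[i], &n, uid) == 0)
            printf("msg %lu uid %s\n", n, uid);
        else
            printf("line %zu rejected: malformed UIDL response\n", i + 1);
    }
    return 0;
}
```

A client using a check like this would treat a rejected line as a protocol error from the server and stop processing the listing.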