ALAS-2012-132 --- fetchmailID: oval:org.secpod.oval:def:1601323 | Date: (C)2020-11-27 (M)2022-11-29 |
Class: PATCH | Family: unix |
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to cause a denial of service via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
Platform: |
Amazon Linux AMI |