report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. — CVE-2021-36386

Summary

Advisory CVE-2021-36386. report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument which might allow… Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 7.5. See the official…

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2014-0047
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2014-5282
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2014-8179
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2014-9356
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2016-3697
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2019-13139
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2019-13509
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2019-16884
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2019-5736
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2021-33503
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2021-28691
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2019-18874