CVE-2006-4434

Published: 29 Aug. 2006
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 5
CVSS3: 7.5

Description

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected."

| Release  | Status   | Note        |
|----------|----------|-------------|
| dapper   | ignored  | end of life |
| devel    | released | 8.13.8-1    |
| edgy     | released | 8.13.8-1    |
| feisty   | released | 8.13.8-1    |
| gutsy    | released | 8.13.8-1    |
| hardy    | released | 8.13.8-1    |
| intrepid | released | 8.13.8-1    |
| jaunty   | released | 8.13.8-1    |
| karmic   | released | 8.13.8-1    |
| upstream | released | 8.13.8      |

EPSS: 0.07587 (Low), percentile: 91%
CVSS2: 5 Medium
CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
about 19 years ago

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected."

CVSS3: 7.5
debian
about 19 years ago

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote a ...

CVSS3: 7.5
github
more than 3 years ago

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected."
