oss-sec mailing list archives

CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass


From: "Matthias Andree" <matthias.andree () gmx de>
Date: Wed, 05 Aug 2009 17:14:36 +0200

Greetings,

fetchmail <= 6.3.10 is susceptible to NUL prefix certificates such as www.paypal.com\0.reknowned.site.example.

Is there a global CVE ID to collect this vulnerability that is supposed to be reused by applications?

If there is, please let me know.

If there is not, please assign a new CVE Id.

Thanks

--
Matthias Andree


Current thread: