Description
The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input.
Product(s):
- Leafnode 1.9.19
- Leafnode 1.9.20
- Leafnode 1.9.21
- Leafnode 1.9.22
- Leafnode 1.9.23
- Leafnode 1.9.24
- Leafnode 1.9.25
- Leafnode 1.9.26
- Leafnode 1.9.27
- Leafnode 1.9.29
- Leafnode 1.9.30
- Leafnode 1.9.31
- Leafnode 1.9.35
- Leafnode 1.9.36
- Leafnode 1.9.37
- Leafnode 1.9.38
- Leafnode 1.9.39
- Leafnode 1.9.40
- Leafnode 1.9.41
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0744, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0744 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.