CVE-2006-4434

7.5 HIGH
Published: August 29, 2006 Modified: April 16, 2026

Description

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected."

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/21637
Source: cve@mitre.org
Broken Link Patch Vendor Advisory
http://secunia.com/advisories/21641
Source: cve@mitre.org
Broken Link Patch Vendor Advisory
http://secunia.com/advisories/21696
Source: cve@mitre.org
Broken Link Vendor Advisory
http://secunia.com/advisories/21700
Source: cve@mitre.org
Broken Link Vendor Advisory
http://secunia.com/advisories/21749
Source: cve@mitre.org
Broken Link Vendor Advisory
http://secunia.com/advisories/22369
Source: cve@mitre.org
Broken Link Vendor Advisory
http://securitytracker.com/id?1016753
Source: cve@mitre.org
Broken Link Patch Third Party Advisory VDB Entry
http://www.debian.org/security/2006/dsa-1164
Source: cve@mitre.org
Broken Link
http://www.openbsd.org/errata.html#sendmail3
Source: cve@mitre.org
Release Notes
http://www.openbsd.org/errata38.html#sendmail3
Source: cve@mitre.org
Third Party Advisory
http://www.osvdb.org/28193
Source: cve@mitre.org
Broken Link
http://www.securityfocus.com/bid/19714
Source: cve@mitre.org
Broken Link Patch Third Party Advisory VDB Entry
http://www.sendmail.org/releases/8.13.8.html
Source: cve@mitre.org
Release Notes
http://www.vupen.com/english/advisories/2006/3393
Source: cve@mitre.org
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2006/3994
Source: cve@mitre.org
Broken Link Vendor Advisory
http://secunia.com/advisories/21637
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Vendor Advisory
http://secunia.com/advisories/21641
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Vendor Advisory
http://secunia.com/advisories/21696
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/21700
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/21749
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/22369
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://securitytracker.com/id?1016753
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.attrition.org/pipermail/vim/2006-August/000999.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.debian.org/security/2006/dsa-1164
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.novell.com/linux/security/advisories/2006_21_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.openbsd.org/errata.html#sendmail3
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
http://www.openbsd.org/errata38.html#sendmail3
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.osvdb.org/28193
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/19714
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Third Party Advisory VDB Entry
http://www.sendmail.org/releases/8.13.8.html
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
http://www.vupen.com/english/advisories/2006/3393
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2006/3994
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory

38 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
7.0%
92nd percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

sendmail