Leafnode fetchnews Client Article Header Remote Denial of Service Vulnerability

Leafnode fetchnews Client Article Header Remote Denial of Service Vulnerability

Fetchnews is prone to a remote denial of service vulnerability that may allow a remote attacker to cause the software to hang.

The vulnerability manifests when an upstream news server terminates the connection abruptly after fetchnews has requested an article header and before the data transfer is complete.

This vulnerability affects Leafnode 1.9.48 to 1.11.1. The vendor has advised that versions 1.11.2 and newer are not vulnerable to this issue.