Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fetchmail Subscribe
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39272 2 Fedoraproject, Fetchmail 2 Fedora, Fetchmail 2022-10-28 4.3 MEDIUM 5.9 MEDIUM
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2021-36386 2 Fedoraproject, Fetchmail 2 Fedora, Fetchmail 2022-10-28 5.0 MEDIUM 7.5 HIGH
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
CVE-2008-2711 1 Fetchmail 1 Fetchmail 2021-08-09 4.3 MEDIUM N/A
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
CVE-2006-0321 1 Fetchmail 1 Fetchmail 2018-10-19 5.0 MEDIUM N/A
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
CVE-2005-4348 1 Fetchmail 1 Fetchmail 2018-10-19 7.8 HIGH N/A
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
CVE-2005-2335 1 Fetchmail 1 Fetchmail 2018-10-19 5.0 MEDIUM N/A
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
CVE-2006-5974 1 Fetchmail 1 Fetchmail 2018-10-17 7.8 HIGH N/A
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.
CVE-2006-5867 1 Fetchmail 1 Fetchmail 2018-10-17 7.8 HIGH N/A
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
CVE-2007-4565 1 Fetchmail 1 Fetchmail 2018-10-15 5.0 MEDIUM N/A
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
CVE-2010-1167 1 Fetchmail 1 Fetchmail 2018-10-10 4.3 MEDIUM N/A
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
CVE-2009-2666 1 Fetchmail 1 Fetchmail 2018-10-10 6.4 MEDIUM N/A
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2011-1947 1 Fetchmail 1 Fetchmail 2018-10-09 5.0 MEDIUM N/A
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
CVE-2005-3088 1 Fetchmail 1 Fetchmail 2018-10-03 2.1 LOW N/A
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2002-1365 1 Fetchmail 1 Fetchmail 2018-05-02 7.5 HIGH N/A
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
CVE-2001-0101 1 Fetchmail 1 Fetchmail 2017-12-18 10.0 HIGH N/A
Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.
CVE-2001-0819 1 Fetchmail 1 Fetchmail 2017-10-09 7.5 HIGH N/A
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
CVE-2003-0792 1 Fetchmail 1 Fetchmail 2017-07-10 5.0 MEDIUM N/A
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
CVE-2002-1174 1 Fetchmail 1 Fetchmail 2016-10-17 7.5 HIGH N/A
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
CVE-2002-1175 1 Fetchmail 1 Fetchmail 2016-10-17 5.0 MEDIUM N/A
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
CVE-2012-3482 1 Fetchmail 1 Fetchmail 2013-04-04 5.8 MEDIUM N/A
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.