Fetchmail

fetchmail

Vendor: Fetchmail • 24 CVEs

CVEs (24)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-39272 2Fedoraproject Fetchmail 2Fedora Fetchmail Nov 21, 2024 Aug 30, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2021-36386 2Fedoraproject Fetchmail 2Fedora Fetchmail Nov 21, 2024 Jul 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact...Show more report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.Show less
CVE-2012-3482 1Fetchmail 1Fetchmail Apr 29, 2026 Dec 21, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that trig...Show more Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.Show less
CVE-2011-1947 1Fetchmail 1Fetchmail Apr 29, 2026 Jun 2, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the requ...Show more fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.Show less
CVE-2010-1167 1Fetchmail 1Fetchmail Apr 29, 2026 May 7, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and appl...Show more fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.Show less
CVE-2010-0562 1Fetchmail 1Fetchmail Apr 29, 2026 Feb 8, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possi...Show more The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.Show less
CVE-2009-2666 1Fetchmail 1Fetchmail Apr 23, 2026 Aug 7, 2009 N/A· v4 N/A· v3 6.4 MEDIUM· v2 socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary...Show more socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.Show less
CVE-2008-2711 1Fetchmail 1Fetchmail Apr 23, 2026 Jun 16, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which trigge...Show more fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.Show less
CVE-2007-4565 1Fetchmail 1Fetchmail Apr 23, 2026 Aug 28, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
CVE-2006-5974 1Fetchmail 1Fetchmail Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 7.8 HIGH· v2 fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference w...Show more fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.Show less
CVE-2006-5867 1Fetchmail 1Fetchmail Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 7.8 HIGH· v2 fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-...Show more fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.Show less
CVE-2006-0321 1Fetchmail 1Fetchmail Apr 16, 2026 Jan 24, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the o...Show more fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.Show less
CVE-2005-4348 1Fetchmail 1Fetchmail Apr 16, 2026 Dec 21, 2005 N/A· v4 N/A· v3 7.8 HIGH· v2 fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
CVE-2005-3088 1Fetchmail 1Fetchmail Apr 16, 2026 Oct 27, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-2335 1Fetchmail 1Fetchmail Apr 16, 2026 Jul 27, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentall...Show more Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.Show less
CVE-2003-0792 1Fetchmail 1Fetchmail Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
CVE-2002-1365 1Fetchmail 1Fetchmail Apr 16, 2026 Dec 23, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header w...Show more Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.Show less
CVE-2002-1175 1Fetchmail 1Fetchmail Apr 16, 2026 Oct 11, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (c...Show more The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.Show less
CVE-2002-1174 1Fetchmail 1Fetchmail Apr 16, 2026 Oct 11, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (...Show more Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.Show less
CVE-2002-0146 1Fetchmail 1Fetchmail Apr 16, 2026 Jun 25, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.

12 Next