MidnightBSD

Advisories for fetchmail

CVE-2001-0101 HIGH

Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.2.4
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 4.6.3
fetchmail fetchmail 5.0.6
fetchmail fetchmail *
fetchmail fetchmail 5.3.8
CVE-2001-0819 HIGH

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.8.2
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2001-1009 HIGH

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.8.5
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.8.2
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2001-1378 LOW

fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.2.4
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 4.6.3
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2002-0146 MEDIUM

fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.8.5
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.8.17
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2002-1174 HIGH

Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 5.9.11
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.8.5
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.8.17
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 5.9.10
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2002-1175 MEDIUM

The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 5.9.11
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.8.5
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.8.17
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 5.9.10
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2002-1365 HIGH

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 6.1.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 5.9.11
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.8.5
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.8.17
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 5.9.10
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.2.1
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 6.0.0
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2003-0792 MEDIUM

Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 6.2.0
fetchmail fetchmail 6.1.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 5.9.11
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 6.1.3
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.8.5
fetchmail fetchmail 6.2.2
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.8.17
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 5.9.10
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.2.1
fetchmail fetchmail 6.2.3
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 6.0.0
fetchmail fetchmail 6.2.1
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2005-2335 MEDIUM

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fetchmail fetchmail 5.4.0
fetchmail fetchmail 6.2.0
fetchmail fetchmail 6.1.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 4.5.8
fetchmail fetchmail 5.0.4
fetchmail fetchmail 5.9.11
fetchmail fetchmail 4.7.1
fetchmail fetchmail 4.7.7
fetchmail fetchmail 6.1.3
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 5.5.0
fetchmail fetchmail 4.7.2
fetchmail fetchmail 6.2.4
fetchmail fetchmail 5.0.7
fetchmail fetchmail 4.5.2
fetchmail fetchmail 4.5.5
fetchmail fetchmail 5.0.1
fetchmail fetchmail 5.8.5
fetchmail fetchmail 6.2.2
fetchmail fetchmail 4.5.4
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 5.4.3
fetchmail fetchmail 4.6.0
fetchmail fetchmail 4.6.7
fetchmail fetchmail 4.5.3
fetchmail fetchmail 6.3.4
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.0.8
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.8.17
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.5.3
fetchmail fetchmail 5.8
fetchmail fetchmail 4.5.6
fetchmail fetchmail 5.1.0
fetchmail fetchmail 4.6.2
fetchmail fetchmail 4.6.6
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 6.2.5
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 5.9.10
fetchmail fetchmail 4.7.3
fetchmail fetchmail 5.0.3
fetchmail fetchmail 4.5.1
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.4.4
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.5.2
fetchmail fetchmail 4.5.7
fetchmail fetchmail 5.3.1
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.2.1
fetchmail fetchmail 6.2.3
fetchmail fetchmail 4.6.1
fetchmail fetchmail 5.7.2
fetchmail fetchmail 4.6.3
fetchmail fetchmail 6.0.0
fetchmail fetchmail 6.2.1
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail *
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.6.0
fetchmail fetchmail 5.3.8
CVE-2005-3088 LOW

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
fetchmail fetchmail 6.2.0
fetchmail fetchmail 6.2.5
fetchmail fetchmail 6.2.5.2
CVE-2005-4348 HIGH

fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
fetchmail fetchmail *
CVE-2006-0321 MEDIUM

fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fetchmail fetchmail 6.3.1
fetchmail fetchmail 6.3.0
CVE-2010-0562 MEDIUM

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fetchmail fetchmail 6.3.13
fetchmail fetchmail 6.3.12
fetchmail fetchmail 6.3.11
CVE-2010-1167 MEDIUM

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fetchmail fetchmail 6.3.2
fetchmail fetchmail 6.2.0
fetchmail fetchmail 6.3.1
fetchmail fetchmail 6.3.16
fetchmail fetchmail 4.7.7
fetchmail fetchmail 5.3.0
fetchmail fetchmail 5.7.0
fetchmail fetchmail 6.2.6
fetchmail fetchmail 4.7.2
fetchmail fetchmail 5.8.5
fetchmail fetchmail 6.3.8
fetchmail fetchmail 6.2.2
fetchmail fetchmail 6.2.5.2
fetchmail fetchmail 5.4.3
fetchmail fetchmail 6.3.9
fetchmail fetchmail 6.3.4
fetchmail fetchmail 5.0.0
fetchmail fetchmail 5.2.4
fetchmail fetchmail 5.9.0
fetchmail fetchmail 4.7.4
fetchmail fetchmail 5.8.4
fetchmail fetchmail 5.0.5
fetchmail fetchmail 5.8.17
fetchmail fetchmail 5.8.13
fetchmail fetchmail 5.3.3
fetchmail fetchmail 4.6.4
fetchmail fetchmail 5.8
fetchmail fetchmail 5.1.0
fetchmail fetchmail 5.8.6
fetchmail fetchmail 5.1.4
fetchmail fetchmail 5.9.5
fetchmail fetchmail 5.8.2
fetchmail fetchmail 6.2.5
fetchmail fetchmail 4.7.5
fetchmail fetchmail 5.2.7
fetchmail fetchmail 4.7.3
fetchmail fetchmail 6.3.0
fetchmail fetchmail 5.0.3
fetchmail fetchmail 6.3.15
fetchmail fetchmail 4.6.5
fetchmail fetchmail 5.8.3
fetchmail fetchmail 5.3.1
fetchmail fetchmail 6.3.14
fetchmail fetchmail 4.6.3
fetchmail fetchmail 6.2.1
fetchmail fetchmail 5.8.11
fetchmail fetchmail 5.9.13
fetchmail fetchmail 5.3.8
fetchmail fetchmail 5.4.0
fetchmail fetchmail 6.3.12
fetchmail fetchmail 6.1.0
fetchmail fetchmail 4.6.9
fetchmail fetchmail 5.0.4
fetchmail fetchmail 5.9.11
fetchmail fetchmail 4.7.1
fetchmail fetchmail 6.1.3
fetchmail fetchmail 5.5.0
fetchmail fetchmail 6.2.4
fetchmail fetchmail 5.0.7
fetchmail fetchmail 5.0.1
fetchmail fetchmail 6.3.7
fetchmail fetchmail 5.8.1
fetchmail fetchmail 5.0.2
fetchmail fetchmail 5.2.0
fetchmail fetchmail 4.6.8
fetchmail fetchmail 5.2.8
fetchmail fetchmail 6.3.11
fetchmail fetchmail 4.6.7
fetchmail fetchmail 6.2.5.4
fetchmail fetchmail 6.2.9
fetchmail fetchmail 5.2.3
fetchmail fetchmail 5.7.4
fetchmail fetchmail 4.7.0
fetchmail fetchmail 5.8.14
fetchmail fetchmail 5.0.8
fetchmail fetchmail 6.3.3
fetchmail fetchmail 5.4.5
fetchmail fetchmail 5.5.5
fetchmail fetchmail 4.7.6
fetchmail fetchmail 5.5.3
fetchmail fetchmail 6.3.13
fetchmail fetchmail 4.6.6
fetchmail fetchmail 6.3.5
fetchmail fetchmail 5.9.10
fetchmail fetchmail 6.2.5.1
fetchmail fetchmail 5.4.4
fetchmail fetchmail 6.3.10
fetchmail fetchmail 5.9.8
fetchmail fetchmail 5.5.2
fetchmail fetchmail 5.9.4
fetchmail fetchmail 5.2.1
fetchmail fetchmail 6.2.3
fetchmail fetchmail 5.7.2
fetchmail fetchmail 6.0.0
fetchmail fetchmail 5.0.6
fetchmail fetchmail 5.5.6
fetchmail fetchmail 6.3.6
fetchmail fetchmail *
fetchmail fetchmail 5.6.0
CVE-2011-1947 MEDIUM

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
fetchmail fetchmail 6.3.2
fetchmail fetchmail 6.2.0
fetchmail fetchmail 6.3.1
fetchmail fetchmail 6.3.12
fetchmail fetchmail 6.3.19
fetchmail fetchmail 6.1.0
fetchmail fetchmail 6.3.18
fetchmail fetchmail 6.3.16
fetchmail fetchmail 5.9.11
fetchmail fetchmail 6.1.3
fetchmail fetchmail 6.3.13
fetchmail fetchmail 6.2.6
fetchmail fetchmail 6.2.4
fetchmail fetchmail 6.2.5
fetchmail fetchmail 6.3.5
fetchmail fetchmail 5.9.10
fetchmail fetchmail 6.3.8
fetchmail fetchmail 6.2.2
fetchmail fetchmail 6.2.5.2
fetchmail fetchmail 6.3.0
fetchmail fetchmail 6.2.5.1
fetchmail fetchmail 6.3.7
fetchmail fetchmail 6.3.15
fetchmail fetchmail 5.9.9
fetchmail fetchmail 6.3.10
fetchmail fetchmail 6.3.11
fetchmail fetchmail 6.3.9
fetchmail fetchmail 6.3.4
fetchmail fetchmail 6.2.5.4
fetchmail fetchmail 6.2.9
fetchmail fetchmail 6.2.3
fetchmail fetchmail 6.3.14
fetchmail fetchmail 6.3.17
fetchmail fetchmail 6.0.0
fetchmail fetchmail 6.2.1
fetchmail fetchmail 6.3.6
fetchmail fetchmail 5.9.13
fetchmail fetchmail 6.3.3
CVE-2021-36386 MEDIUM

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 34
fetchmail fetchmail *
CVE-2021-39272 MEDIUM

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 34
fedoraproject fedora 35
fetchmail fetchmail *