Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.3.8 |
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.8.14 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.8.17 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.9.5 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.9.4 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 5.9.11 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.8.14 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.8.17 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.9.5 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 5.9.10 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.9.8 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.9.4 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.9.13 |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 5.9.11 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.8.14 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.8.17 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.9.5 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 5.9.10 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.9.8 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.9.4 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.9.13 |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 6.1.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 5.9.11 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.8.14 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.8.17 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.9.5 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 5.9.10 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.9.8 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.9.4 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 6.0.0 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.9.13 |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 6.2.0 |
| fetchmail | fetchmail | 6.1.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 5.9.11 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 6.1.3 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 6.2.2 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.8.14 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.8.17 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.9.5 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 5.9.10 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.9.8 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.9.4 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 6.2.3 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 6.0.0 |
| fetchmail | fetchmail | 6.2.1 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.9.13 |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 6.2.0 |
| fetchmail | fetchmail | 6.1.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 4.5.8 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 5.9.11 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 6.1.3 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 6.2.4 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 4.5.2 |
| fetchmail | fetchmail | 4.5.5 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 6.2.2 |
| fetchmail | fetchmail | 4.5.4 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 4.6.0 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 4.5.3 |
| fetchmail | fetchmail | 6.3.4 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.8.14 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.8.17 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 4.5.6 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 4.6.2 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.9.5 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 6.2.5 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 5.9.10 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 4.5.1 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.9.8 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 4.5.7 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 5.9.4 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 6.2.3 |
| fetchmail | fetchmail | 4.6.1 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 6.0.0 |
| fetchmail | fetchmail | 6.2.1 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.9.13 |
| fetchmail | fetchmail | 5.6.0 |
| fetchmail | fetchmail | 5.3.8 |
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 6.2.0 |
| fetchmail | fetchmail | 6.2.5 |
| fetchmail | fetchmail | 6.2.5.2 |
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | * |
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 6.3.1 |
| fetchmail | fetchmail | 6.3.0 |
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 6.3.13 |
| fetchmail | fetchmail | 6.3.12 |
| fetchmail | fetchmail | 6.3.11 |
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 6.3.2 |
| fetchmail | fetchmail | 6.2.0 |
| fetchmail | fetchmail | 6.3.1 |
| fetchmail | fetchmail | 6.3.16 |
| fetchmail | fetchmail | 4.7.7 |
| fetchmail | fetchmail | 5.3.0 |
| fetchmail | fetchmail | 5.7.0 |
| fetchmail | fetchmail | 6.2.6 |
| fetchmail | fetchmail | 4.7.2 |
| fetchmail | fetchmail | 5.8.5 |
| fetchmail | fetchmail | 6.3.8 |
| fetchmail | fetchmail | 6.2.2 |
| fetchmail | fetchmail | 6.2.5.2 |
| fetchmail | fetchmail | 5.4.3 |
| fetchmail | fetchmail | 6.3.9 |
| fetchmail | fetchmail | 6.3.4 |
| fetchmail | fetchmail | 5.0.0 |
| fetchmail | fetchmail | 5.2.4 |
| fetchmail | fetchmail | 5.9.0 |
| fetchmail | fetchmail | 4.7.4 |
| fetchmail | fetchmail | 5.8.4 |
| fetchmail | fetchmail | 5.0.5 |
| fetchmail | fetchmail | 5.8.17 |
| fetchmail | fetchmail | 5.8.13 |
| fetchmail | fetchmail | 5.3.3 |
| fetchmail | fetchmail | 4.6.4 |
| fetchmail | fetchmail | 5.8 |
| fetchmail | fetchmail | 5.1.0 |
| fetchmail | fetchmail | 5.8.6 |
| fetchmail | fetchmail | 5.1.4 |
| fetchmail | fetchmail | 5.9.5 |
| fetchmail | fetchmail | 5.8.2 |
| fetchmail | fetchmail | 6.2.5 |
| fetchmail | fetchmail | 4.7.5 |
| fetchmail | fetchmail | 5.2.7 |
| fetchmail | fetchmail | 4.7.3 |
| fetchmail | fetchmail | 6.3.0 |
| fetchmail | fetchmail | 5.0.3 |
| fetchmail | fetchmail | 6.3.15 |
| fetchmail | fetchmail | 4.6.5 |
| fetchmail | fetchmail | 5.8.3 |
| fetchmail | fetchmail | 5.3.1 |
| fetchmail | fetchmail | 6.3.14 |
| fetchmail | fetchmail | 4.6.3 |
| fetchmail | fetchmail | 6.2.1 |
| fetchmail | fetchmail | 5.8.11 |
| fetchmail | fetchmail | 5.9.13 |
| fetchmail | fetchmail | 5.3.8 |
| fetchmail | fetchmail | 5.4.0 |
| fetchmail | fetchmail | 6.3.12 |
| fetchmail | fetchmail | 6.1.0 |
| fetchmail | fetchmail | 4.6.9 |
| fetchmail | fetchmail | 5.0.4 |
| fetchmail | fetchmail | 5.9.11 |
| fetchmail | fetchmail | 4.7.1 |
| fetchmail | fetchmail | 6.1.3 |
| fetchmail | fetchmail | 5.5.0 |
| fetchmail | fetchmail | 6.2.4 |
| fetchmail | fetchmail | 5.0.7 |
| fetchmail | fetchmail | 5.0.1 |
| fetchmail | fetchmail | 6.3.7 |
| fetchmail | fetchmail | 5.8.1 |
| fetchmail | fetchmail | 5.0.2 |
| fetchmail | fetchmail | 5.2.0 |
| fetchmail | fetchmail | 4.6.8 |
| fetchmail | fetchmail | 5.2.8 |
| fetchmail | fetchmail | 6.3.11 |
| fetchmail | fetchmail | 4.6.7 |
| fetchmail | fetchmail | 6.2.5.4 |
| fetchmail | fetchmail | 6.2.9 |
| fetchmail | fetchmail | 5.2.3 |
| fetchmail | fetchmail | 5.7.4 |
| fetchmail | fetchmail | 4.7.0 |
| fetchmail | fetchmail | 5.8.14 |
| fetchmail | fetchmail | 5.0.8 |
| fetchmail | fetchmail | 6.3.3 |
| fetchmail | fetchmail | 5.4.5 |
| fetchmail | fetchmail | 5.5.5 |
| fetchmail | fetchmail | 4.7.6 |
| fetchmail | fetchmail | 5.5.3 |
| fetchmail | fetchmail | 6.3.13 |
| fetchmail | fetchmail | 4.6.6 |
| fetchmail | fetchmail | 6.3.5 |
| fetchmail | fetchmail | 5.9.10 |
| fetchmail | fetchmail | 6.2.5.1 |
| fetchmail | fetchmail | 5.4.4 |
| fetchmail | fetchmail | 6.3.10 |
| fetchmail | fetchmail | 5.9.8 |
| fetchmail | fetchmail | 5.5.2 |
| fetchmail | fetchmail | 5.9.4 |
| fetchmail | fetchmail | 5.2.1 |
| fetchmail | fetchmail | 6.2.3 |
| fetchmail | fetchmail | 5.7.2 |
| fetchmail | fetchmail | 6.0.0 |
| fetchmail | fetchmail | 5.0.6 |
| fetchmail | fetchmail | 5.5.6 |
| fetchmail | fetchmail | 6.3.6 |
| fetchmail | fetchmail | * |
| fetchmail | fetchmail | 5.6.0 |
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fetchmail | fetchmail | 6.3.2 |
| fetchmail | fetchmail | 6.2.0 |
| fetchmail | fetchmail | 6.3.1 |
| fetchmail | fetchmail | 6.3.12 |
| fetchmail | fetchmail | 6.3.19 |
| fetchmail | fetchmail | 6.1.0 |
| fetchmail | fetchmail | 6.3.18 |
| fetchmail | fetchmail | 6.3.16 |
| fetchmail | fetchmail | 5.9.11 |
| fetchmail | fetchmail | 6.1.3 |
| fetchmail | fetchmail | 6.3.13 |
| fetchmail | fetchmail | 6.2.6 |
| fetchmail | fetchmail | 6.2.4 |
| fetchmail | fetchmail | 6.2.5 |
| fetchmail | fetchmail | 6.3.5 |
| fetchmail | fetchmail | 5.9.10 |
| fetchmail | fetchmail | 6.3.8 |
| fetchmail | fetchmail | 6.2.2 |
| fetchmail | fetchmail | 6.2.5.2 |
| fetchmail | fetchmail | 6.3.0 |
| fetchmail | fetchmail | 6.2.5.1 |
| fetchmail | fetchmail | 6.3.7 |
| fetchmail | fetchmail | 6.3.15 |
| fetchmail | fetchmail | 5.9.9 |
| fetchmail | fetchmail | 6.3.10 |
| fetchmail | fetchmail | 6.3.11 |
| fetchmail | fetchmail | 6.3.9 |
| fetchmail | fetchmail | 6.3.4 |
| fetchmail | fetchmail | 6.2.5.4 |
| fetchmail | fetchmail | 6.2.9 |
| fetchmail | fetchmail | 6.2.3 |
| fetchmail | fetchmail | 6.3.14 |
| fetchmail | fetchmail | 6.3.17 |
| fetchmail | fetchmail | 6.0.0 |
| fetchmail | fetchmail | 6.2.1 |
| fetchmail | fetchmail | 6.3.6 |
| fetchmail | fetchmail | 5.9.13 |
| fetchmail | fetchmail | 6.3.3 |
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-909,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| fedoraproject | fedora | 34 |
| fetchmail | fetchmail | * |
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 35 |
| fetchmail | fetchmail | * |