Fetchmail

Fetchmail

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-61962

  • EPSS 0.05%
  • Veröffentlicht 04.10.2025 00:00:00
  • Zuletzt bearbeitet 06.10.2025 14:56:47

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context.

5.9

CVE-2021-39272

  • EPSS 0.18%
  • Veröffentlicht 30.08.2021 06:15:06
  • Zuletzt bearbeitet 21.11.2024 06:19:05

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

7.5

CVE-2021-36386

  • EPSS 0.26%
  • Veröffentlicht 30.07.2021 14:15:18
  • Zuletzt bearbeitet 21.11.2024 06:13:39

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE...

5.8

CVE-2012-3482

  • EPSS 1.08%
  • Veröffentlicht 21.12.2012 05:46:16
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in ...

5

CVE-2011-1947

  • EPSS 2.44%
  • Veröffentlicht 02.06.2011 19:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional...

4.3

CVE-2010-1167

  • EPSS 0.77%
  • Veröffentlicht 07.05.2010 18:24:15
  • Zuletzt bearbeitet 11.04.2025 00:51:21

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (...

6.8

CVE-2010-0562

  • EPSS 1.75%
  • Veröffentlicht 08.02.2010 21:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via...

6.4

CVE-2009-2666

  • EPSS 0.58%
  • Veröffentlicht 07.08.2009 19:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted cert...

4.3

CVE-2008-2711

  • EPSS 3.32%
  • Veröffentlicht 16.06.2008 21:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference wh...

5

CVE-2007-4565

  • EPSS 2.54%
  • Veröffentlicht 28.08.2007 01:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.