The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
Max CVSS
6.8
EPSS Score
11.56%
Published
2010-02-08
Updated
2011-04-27
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
Max CVSS
5.0
EPSS Score
4.84%
Published
2005-07-27
Updated
2018-10-19
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
Max CVSS
7.5
EPSS Score
30.55%
Published
2002-12-23
Updated
2018-05-03
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
Max CVSS
7.5
EPSS Score
11.80%
Published
2002-10-11
Updated
2016-10-18
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
Max CVSS
7.5
EPSS Score
9.56%
Published
2001-12-06
Updated
2017-10-10
5 vulnerabilities found