cpe:2.3:a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:*
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
Max CVSS
5.9
EPSS Score
0.15%
Published
2021-08-30
Updated
2022-10-28
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
Max CVSS
7.5
EPSS Score
0.43%
Published
2021-07-30
Updated
2022-10-28
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Max CVSS
6.4
EPSS Score
0.15%
Published
2009-08-07
Updated
2018-10-10
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
Max CVSS
4.3
EPSS Score
10.55%
Published
2008-06-16
Updated
2021-08-09
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Max CVSS
5.0
EPSS Score
1.87%
Published
2007-08-28
Updated
2018-10-15
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
Max CVSS
7.8
EPSS Score
10.74%
Published
2006-12-31
Updated
2018-10-17
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
Max CVSS
5.0
EPSS Score
4.84%
Published
2005-07-27
Updated
2018-10-19
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
Max CVSS
5.0
EPSS Score
3.55%
Published
2003-11-17
Updated
2017-07-11
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
Max CVSS
7.5
EPSS Score
30.55%
Published
2002-12-23
Updated
2018-05-03
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
Max CVSS
5.0
EPSS Score
2.79%
Published
2002-10-11
Updated
2016-10-18
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
Max CVSS
7.5
EPSS Score
11.80%
Published
2002-10-11
Updated
2016-10-18
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
Max CVSS
5.0
EPSS Score
0.23%
Published
2002-06-25
Updated
2011-02-15
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-09-06
Updated
2011-02-16
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
Max CVSS
10.0
EPSS Score
1.24%
Published
2001-08-31
Updated
2011-02-16
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
Max CVSS
7.5
EPSS Score
9.56%
Published
2001-12-06
Updated
2017-10-10
Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.
Max CVSS
10.0
EPSS Score
1.39%
Published
2001-02-12
Updated
2017-12-19
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!