Vulnerabilities (CVE)

Filtered by vendor Fetchmail Subscribe
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5974 1 Fetchmail 1 Fetchmail 2024-11-21 7.8 HIGH N/A
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.
CVE-2006-5867 1 Fetchmail 1 Fetchmail 2024-11-21 7.8 HIGH N/A
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
CVE-2006-0321 1 Fetchmail 1 Fetchmail 2024-11-21 5.0 MEDIUM N/A
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
CVE-2005-4348 1 Fetchmail 1 Fetchmail 2024-11-21 7.8 HIGH N/A
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
CVE-2005-3088 1 Fetchmail 1 Fetchmail 2024-11-21 2.1 LOW N/A
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-2335 1 Fetchmail 1 Fetchmail 2024-11-20 5.0 MEDIUM N/A
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
CVE-2003-0792 1 Fetchmail 1 Fetchmail 2024-11-20 5.0 MEDIUM N/A
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
CVE-2002-1365 1 Fetchmail 1 Fetchmail 2024-11-20 7.5 HIGH N/A
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
CVE-2002-1175 1 Fetchmail 1 Fetchmail 2024-11-20 5.0 MEDIUM N/A
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
CVE-2002-1174 1 Fetchmail 1 Fetchmail 2024-11-20 7.5 HIGH N/A
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
CVE-2002-0146 1 Fetchmail 1 Fetchmail 2024-11-20 5.0 MEDIUM N/A
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
CVE-2001-1378 1 Fetchmail 1 Fetchmail 2024-11-20 2.1 LOW N/A
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
CVE-2001-1009 1 Fetchmail 1 Fetchmail 2024-11-20 10.0 HIGH N/A
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
CVE-2001-0819 1 Fetchmail 1 Fetchmail 2024-11-20 7.5 HIGH N/A
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
CVE-2001-0101 1 Fetchmail 1 Fetchmail 2024-11-20 10.0 HIGH N/A
Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.
CVE-2021-36386 2 Fedoraproject, Fetchmail 2 Fedora, Fetchmail 2024-02-04 5.0 MEDIUM 7.5 HIGH
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
CVE-2021-39272 2 Fedoraproject, Fetchmail 2 Fedora, Fetchmail 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2012-3482 1 Fetchmail 1 Fetchmail 2024-02-04 5.8 MEDIUM N/A
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
CVE-2010-0562 1 Fetchmail 1 Fetchmail 2024-02-04 6.8 MEDIUM N/A
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
CVE-2011-1947 1 Fetchmail 1 Fetchmail 2024-02-04 5.0 MEDIUM N/A
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.