National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:fetchmail:fetchmail:6.1.0
There are 10 matching records.
Vuln ID Summary CVSS Severity

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

Published: December 21, 2012; 12:46:16 AM -05:00
    V2: 5.8 MEDIUM

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

Published: June 02, 2011; 03:55:03 PM -04:00
    V2: 5.0 MEDIUM

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

Published: May 07, 2010; 02:24:15 PM -04:00
    V2: 4.3 MEDIUM

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Published: August 07, 2009; 03:00:01 PM -04:00
    V2: 6.4 MEDIUM

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

Published: June 16, 2008; 05:41:00 PM -04:00
    V2: 4.3 MEDIUM

sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.

Published: August 27, 2007; 09:17:00 PM -04:00
    V2: 5.0 MEDIUM

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

Published: December 31, 2006; 12:00:00 AM -05:00
    V2: 7.8 HIGH

Buffer overflow in the POP3 client in Fetchmail before allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.

Published: July 27, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM

Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.

Published: November 17, 2003; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH