Known Vulnerabilities for products from Fetchmail
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Fetchmail".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-39272 | Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with ... | 5.9 - MEDIUM | 2021-08-30 | 2023-11-07 |
| CVE-2021-36386 | report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which ... | 7.5 - HIGH | 2021-07-30 | 2023-11-07 |
| CVE-2012-3482 | Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denia... | 5.8 - MEDIUM | 2012-12-21 | 2013-04-05 |
| CVE-2011-1947 | fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which ... | 5 - MEDIUM | 2011-06-02 | 2018-10-09 |
| CVE-2010-1167 | fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character ... | 4.3 - MEDIUM | 2010-05-07 | 2018-10-10 |
| CVE-2010-0562 | The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which ch... | 6.8 - MEDIUM | 2010-02-08 | 2011-04-27 |
| CVE-2009-2666 | socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (... | 6.4 - MEDIUM | 2009-08-07 | 2018-10-10 |
| CVE-2008-2711 | fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (... | 4.3 - MEDIUM | 2008-06-16 | 2021-08-09 |
| CVE-2007-4565 | sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and applic... | 5 - MEDIUM | 2007-08-28 | 2018-10-15 |
| CVE-2006-5974 | fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to ... | 7.8 - HIGH | 2006-12-31 | 2018-10-17 |
| CVE-2006-5867 | fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain... | 7.8 - HIGH | 2006-12-31 | 2018-10-17 |
| CVE-2006-0321 | fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-ma... | 5 - MEDIUM | 2006-01-24 | 2018-10-19 |
| CVE-2005-4348 | fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of s... | 7.8 - HIGH | 2005-12-21 | 2018-10-19 |
| CVE-2005-3088 | fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable perm... | 2.1 - LOW | 2005-10-27 | 2018-10-03 |
| CVE-2005-2335 | Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and po... | 5 - MEDIUM | 2005-07-27 | 2018-10-19 |
| CVE-2003-0792 | Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial... | 5 - MEDIUM | 2003-11-17 | 2017-07-11 |
| CVE-2002-1365 | Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer leng... | 7.5 - HIGH | 2002-12-23 | 2018-05-03 |
| CVE-2002-1175 | The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS pa... | 5 - MEDIUM | 2002-10-11 | 2016-10-18 |
| CVE-2002-1174 | Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitr... | 7.5 - HIGH | 2002-10-11 | 2016-10-18 |
| CVE-2002-0146 | fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote ... | 5 - MEDIUM | 2002-06-25 | 2011-02-15 |
Known software with vulnerabilities from Fetchmail
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Fetchmail | Fetchmail | 4.5.1 |