Filtered by vendor Fetchmail Subscriptions

Search

Switch to Advanced Search (Beta)
Total 25 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-1947 1 Fetchmail 1 Fetchmail 2025-04-11 N/A
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
CVE-2010-1167 1 Fetchmail 1 Fetchmail 2025-04-11 N/A
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
CVE-2012-3482 1 Fetchmail 1 Fetchmail 2025-04-11 N/A
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
CVE-2021-39272 3 Fedoraproject, Fetchmail, Redhat 3 Fedora, Fetchmail, Enterprise Linux 2024-11-21 5.9 Medium
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2021-36386 3 Fedoraproject, Fetchmail, Redhat 3 Fedora, Fetchmail, Enterprise Linux 2024-11-21 7.5 High
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.