Vulnerabilities > Fetchmail > Fetchmail > 5.8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-23 | CVE-2002-1365 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses. | 7.5 |
2002-10-11 | CVE-2002-1175 | Improper Input Validation vulnerability in Fetchmail The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary. | 5.0 |
2002-10-11 | CVE-2002-1174 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function. | 7.5 |
2002-06-25 | CVE-2002-0146 | Improper Input Validation vulnerability in Fetchmail fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array. | 5.0 |
2001-12-06 | CVE-2001-0819 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. | 7.5 |
2001-08-31 | CVE-2001-1009 | Permissions, Privileges, and Access Controls vulnerability in Fetchmail Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. | 10.0 |