Vulnerabilities > Fetchmail > Fetchmail > 6.2.4

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-39272 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
network
high complexity
fetchmail fedoraproject CWE-319
5.9
2021-07-30 CVE-2021-36386 Missing Initialization of Resource vulnerability in multiple products
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages.
network
low complexity
fetchmail fedoraproject CWE-909
7.5
2012-12-21 CVE-2012-3482 Remote Denial of Service vulnerability in Fetchmail NTLM Authentication Debug Mode
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
network
fetchmail
5.8
2011-06-02 CVE-2011-1947 Resource Management Errors vulnerability in Fetchmail
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
network
low complexity
fetchmail CWE-399
5.0
2010-05-07 CVE-2010-1167 Improper Input Validation vulnerability in Fetchmail
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
network
fetchmail CWE-20
4.3
2009-08-07 CVE-2009-2666 Cryptographic Issues vulnerability in Fetchmail
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
network
low complexity
fetchmail CWE-310
6.4
2008-06-16 CVE-2008-2711 Improper Input Validation vulnerability in Fetchmail
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
network
fetchmail CWE-20
4.3
2007-08-28 CVE-2007-4565 Remote Denial of Service vulnerability in Fetchmail Failed Warning Message
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
network
low complexity
fetchmail
5.0
2006-12-31 CVE-2006-5867 Improper Input Validation vulnerability in Fetchmail
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
network
low complexity
fetchmail CWE-20
7.8
2005-12-21 CVE-2005-4348 Resource Management Errors vulnerability in Fetchmail
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
network
low complexity
fetchmail CWE-399
7.8