Vulnerabilities > Fetchmail

DATE CVE VULNERABILITY TITLE RISK
2006-12-31 CVE-2006-5867 Improper Input Validation vulnerability in Fetchmail
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
network
low complexity
fetchmail CWE-20
7.8
2006-01-24 CVE-2006-0321 Improper Input Validation vulnerability in Fetchmail 6.3.0/6.3.1
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
network
low complexity
fetchmail CWE-20
5.0
2005-12-21 CVE-2005-4348 Resource Management Errors vulnerability in Fetchmail
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
network
low complexity
fetchmail CWE-399
7.8
2005-10-27 CVE-2005-3088 Information Exposure vulnerability in Fetchmail 6.2.0/6.2.5/6.2.5.2
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
local
low complexity
fetchmail CWE-200
2.1
2005-07-27 CVE-2005-2335 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses.
network
low complexity
fetchmail CWE-119
5.0
2003-11-17 CVE-2003-0792 Resource Management Errors vulnerability in Fetchmail
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
network
low complexity
fetchmail CWE-399
5.0
2002-12-23 CVE-2002-1365 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
network
low complexity
fetchmail CWE-119
7.5
2002-10-11 CVE-2002-1175 Improper Input Validation vulnerability in Fetchmail
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
network
low complexity
fetchmail CWE-20
5.0
2002-10-11 CVE-2002-1174 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
network
low complexity
fetchmail CWE-119
7.5
2002-06-25 CVE-2002-0146 Improper Input Validation vulnerability in Fetchmail
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
network
low complexity
fetchmail CWE-20
5.0