Vulnerabilities > Fetchmail > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2021-36386 | Missing Initialization of Resource vulnerability in multiple products report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. | 7.5 |
| 2006-12-31 | CVE-2006-5974 | Improper Input Validation vulnerability in Fetchmail 6.3.5/6.3.6 fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. | 7.8 |
| 2006-12-31 | CVE-2006-5867 | Improper Input Validation vulnerability in Fetchmail fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. | 7.8 |
| 2005-12-21 | CVE-2005-4348 | Resource Management Errors vulnerability in Fetchmail fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. | 7.8 |
| 2002-12-23 | CVE-2002-1365 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses. | 7.5 |
| 2002-10-11 | CVE-2002-1174 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function. | 7.5 |
| 2001-12-06 | CVE-2001-0819 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. | 7.5 |