Vulnerabilities > Fetchmail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-39272 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | 5.9 |
| 2012-12-21 | CVE-2012-3482 | Remote Denial of Service vulnerability in Fetchmail NTLM Authentication Debug Mode Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. network fetchmail | 5.8 |
| 2011-06-02 | CVE-2011-1947 | Resource Management Errors vulnerability in Fetchmail fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets. | 5.0 |
| 2010-05-07 | CVE-2010-1167 | Improper Input Validation vulnerability in Fetchmail fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list. | 4.3 |
| 2010-02-08 | CVE-2010-0562 | Buffer Errors vulnerability in Fetchmail 6.3.11/6.3.12/6.3.13 The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping. | 6.8 |
| 2009-08-07 | CVE-2009-2666 | Cryptographic Issues vulnerability in Fetchmail socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.4 |
| 2008-06-16 | CVE-2008-2711 | Improper Input Validation vulnerability in Fetchmail fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages. | 4.3 |
| 2007-08-28 | CVE-2007-4565 | Remote Denial of Service vulnerability in Fetchmail Failed Warning Message sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. | 5.0 |
| 2006-01-24 | CVE-2006-0321 | Improper Input Validation vulnerability in Fetchmail 6.3.0/6.3.1 fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster. | 5.0 |
| 2005-07-27 | CVE-2005-2335 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. | 5.0 |