Filtered by vendor Fetchmail
Subscriptions
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-1947 | 1 Fetchmail | 1 Fetchmail | 2024-08-06 | N/A |
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets. | ||||
CVE-2012-3482 | 1 Fetchmail | 1 Fetchmail | 2024-08-06 | N/A |
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. | ||||
CVE-2021-39272 | 3 Fedoraproject, Fetchmail, Redhat | 3 Fedora, Fetchmail, Enterprise Linux | 2024-08-04 | 5.9 Medium |
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | ||||
CVE-2021-36386 | 3 Fedoraproject, Fetchmail, Redhat | 3 Fedora, Fetchmail, Enterprise Linux | 2024-08-04 | 7.5 High |
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. |