Fetchmail 6.2.5.5

CPE Details

2019-06-07 09h44 +00:00
2019-06-07 09h44 +00:00

CPE Name: cpe:2.3:a:fetchmail:fetchmail:6.2.5.5:*:*:*:*:*:*:*

Information

Vendor: fetchmail
Product: fetchmail
Version: 6.2.5.5

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2021-39272 | 2021-08-30 03h05 +00:00 | Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | 5.9 | Medium |
| CVE-2021-36386 | 2021-07-29 11h59 +00:00 | report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. | 7.5 | High |
| CVE-2009-2666 | 2009-08-07 16h33 +00:00 | socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.4 | |
| CVE-2008-2711 | 2008-06-16 19h00 +00:00 | fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages. | 4.3 | |