Fetchmail: >> Fetchmail >> 4.5.8 Security Vulnerabilities
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
CVSS Score
5.0
EPSS Score
0.013
Published
2002-10-11
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
CVSS Score
5.0
EPSS Score
0.009
Published
2002-06-25
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
CVSS Score
7.5
EPSS Score
0.072
Published
2001-12-06
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
CVSS Score
2.1
EPSS Score
0.0
Published
2001-09-06
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
CVSS Score
10.0
EPSS Score
0.131
Published
2001-08-31
Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.
CVSS Score
10.0
EPSS Score
0.004
Published
2001-02-12
Page 2