{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","type":"deb","namespace":"debian","name":"fetchmail","version":"6.4.16-4+deb11u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.4.22-1","latest_non_vulnerable_version":"6.6.3-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7109?format=json","vulnerability_id":"VCID-4zfz-95n5-8ugz","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39272.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39272.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39272","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39825","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39736","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39799","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39822","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39272"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999190","reference_id":"1999190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993163","reference_id":"993163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993163"},{"reference_url":"https://security.archlinux.org/AVG-2326","reference_id":"AVG-2326","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2326"},{"reference_url":"https://security.gentoo.org/glsa/202209-14","reference_id":"GLSA-202209-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1964","reference_id":"RHSA-2022:1964","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1964"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94156?format=json","purl":"pkg:deb/debian/fetchmail@6.4.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2021-39272"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zfz-95n5-8ugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67256?format=json","vulnerability_id":"VCID-td28-7qem-kfep","summary":"In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61962.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61962","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19309","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19359","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19354","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61962"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117136","reference_id":"1117136","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117136"},{"reference_url":"https://www.openwall.com/lists/oss-security/2025/10/03/2","reference_id":"2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T14:20:46Z/"}],"url":"https://www.openwall.com/lists/oss-security/2025/10/03/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401405","reference_id":"2401405","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401405"},{"reference_url":"https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8","reference_id":"4c3cebfa4e659fb778ca2cae0ccb3f69201609a8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T14:20:46Z/"}],"url":"https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8"},{"reference_url":"https://www.fetchmail.info/fetchmail-SA-2025-01.txt","reference_id":"fetchmail-SA-2025-01.txt","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T14:20:46Z/"}],"url":"https://www.fetchmail.info/fetchmail-SA-2025-01.txt"},{"reference_url":"https://usn.ubuntu.com/7838-1/","reference_id":"USN-7838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94158?format=json","purl":"pkg:deb/debian/fetchmail@6.5.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.5.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2025-61962"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td28-7qem-kfep"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67236?format=json","vulnerability_id":"VCID-1rab-kh4g-wfgy","summary":"Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0792.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0792","reference_id":"","reference_type":"","scores":[{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80383","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80408","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0792"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617087","reference_id":"1617087","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617087"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94135?format=json","purl":"pkg:deb/debian/fetchmail@6.2.5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2003-0792"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rab-kh4g-wfgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67240?format=json","vulnerability_id":"VCID-2bpq-s1jb-j3d1","summary":"fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0321.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0321","reference_id":"","reference_type":"","scores":[{"value":"0.14329","scoring_system":"epss","scoring_elements":"0.94532","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14329","scoring_system":"epss","scoring_elements":"0.94541","published_at":"2026-06-05T12:55:00Z"},{"value":"0.14329","scoring_system":"epss","scoring_elements":"0.94543","published_at":"2026-06-06T12:55:00Z"},{"value":"0.14329","scoring_system":"epss","scoring_elements":"0.94545","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747","reference_id":"348747","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94140?format=json","purl":"pkg:deb/debian/fetchmail@6.3.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2006-0321"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bpq-s1jb-j3d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67253?format=json","vulnerability_id":"VCID-3mtj-rbe4-bygx","summary":"report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36386.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36386","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49607","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49614","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1987766","reference_id":"1987766","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1987766"},{"reference_url":"https://security.archlinux.org/AVG-2238","reference_id":"AVG-2238","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2238"},{"reference_url":"https://security.gentoo.org/glsa/202209-14","reference_id":"GLSA-202209-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1964","reference_id":"RHSA-2022:1964","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1964"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94153?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2021-36386"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mtj-rbe4-bygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67239?format=json","vulnerability_id":"VCID-5mtd-9vs2-mkcp","summary":"fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4348.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4348.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4348","reference_id":"","reference_type":"","scores":[{"value":"0.09993","scoring_system":"epss","scoring_elements":"0.93186","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09993","scoring_system":"epss","scoring_elements":"0.93197","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09993","scoring_system":"epss","scoring_elements":"0.93194","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617856","reference_id":"1617856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617856"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836","reference_id":"343836","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0018","reference_id":"RHSA-2007:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0018"},{"reference_url":"https://usn.ubuntu.com/233-1/","reference_id":"USN-233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94139?format=json","purl":"pkg:deb/debian/fetchmail@6.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2005-4348"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mtd-9vs2-mkcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67243?format=json","vulnerability_id":"VCID-5p19-bhcy-fffn","summary":"sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4565.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4565.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4565","reference_id":"","reference_type":"","scores":[{"value":"0.03076","scoring_system":"epss","scoring_elements":"0.87007","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03076","scoring_system":"epss","scoring_elements":"0.8703","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03076","scoring_system":"epss","scoring_elements":"0.87028","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03076","scoring_system":"epss","scoring_elements":"0.87023","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=260601","reference_id":"260601","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=260601"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440006","reference_id":"440006","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1427","reference_id":"RHSA-2009:1427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1427"},{"reference_url":"https://usn.ubuntu.com/520-1/","reference_id":"USN-520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94143?format=json","purl":"pkg:deb/debian/fetchmail@6.3.8-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.8-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2007-4565"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p19-bhcy-fffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67246?format=json","vulnerability_id":"VCID-8cwf-bk7m-h3eg","summary":"The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0562.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0562.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0562","reference_id":"","reference_type":"","scores":[{"value":"0.01751","scoring_system":"epss","scoring_elements":"0.82906","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01751","scoring_system":"epss","scoring_elements":"0.82933","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01751","scoring_system":"epss","scoring_elements":"0.82932","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01751","scoring_system":"epss","scoring_elements":"0.82929","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0562"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=561839","reference_id":"561839","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=561839"},{"reference_url":"https://security.gentoo.org/glsa/201006-12","reference_id":"GLSA-201006-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94147?format=json","purl":"pkg:deb/debian/fetchmail@6.3.13-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.13-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2010-0562"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cwf-bk7m-h3eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67241?format=json","vulnerability_id":"VCID-avqj-8btm-gfdd","summary":"fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5867.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5867","reference_id":"","reference_type":"","scores":[{"value":"0.0669","scoring_system":"epss","scoring_elements":"0.91406","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0669","scoring_system":"epss","scoring_elements":"0.91419","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0669","scoring_system":"epss","scoring_elements":"0.91421","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0669","scoring_system":"epss","scoring_elements":"0.91418","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=221984","reference_id":"221984","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=221984"},{"reference_url":"https://security.gentoo.org/glsa/200701-13","reference_id":"GLSA-200701-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200701-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0018","reference_id":"RHSA-2007:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0018"},{"reference_url":"https://usn.ubuntu.com/405-1/","reference_id":"USN-405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94141?format=json","purl":"pkg:deb/debian/fetchmail@6.3.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2006-5867"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avqj-8btm-gfdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67251?format=json","vulnerability_id":"VCID-debr-wchc-h7a4","summary":"Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3482.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3482.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3482","reference_id":"","reference_type":"","scores":[{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72868","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72906","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72913","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72896","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3482"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847988","reference_id":"847988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94151?format=json","purl":"pkg:deb/debian/fetchmail@6.3.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2012-3482"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-debr-wchc-h7a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67235?format=json","vulnerability_id":"VCID-dwqz-6p7y-9fax","summary":"Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the \"@\" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1365.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1365","reference_id":"","reference_type":"","scores":[{"value":"0.04772","scoring_system":"epss","scoring_elements":"0.89642","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04772","scoring_system":"epss","scoring_elements":"0.89659","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04772","scoring_system":"epss","scoring_elements":"0.8966","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616887","reference_id":"1616887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:293","reference_id":"RHSA-2002:293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:293"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:294","reference_id":"RHSA-2002:294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:155","reference_id":"RHSA-2003:155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94134?format=json","purl":"pkg:deb/debian/fetchmail@6.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2002-1365"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwqz-6p7y-9fax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67237?format=json","vulnerability_id":"VCID-fdpq-937n-63hu","summary":"Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses.  NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2335.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2335.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2335","reference_id":"","reference_type":"","scores":[{"value":"0.06437","scoring_system":"epss","scoring_elements":"0.91223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06437","scoring_system":"epss","scoring_elements":"0.91235","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06437","scoring_system":"epss","scoring_elements":"0.91232","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617705","reference_id":"1617705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617705"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320357","reference_id":"320357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:640","reference_id":"RHSA-2005:640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:640"},{"reference_url":"https://usn.ubuntu.com/153-1/","reference_id":"USN-153-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/153-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94136?format=json","purl":"pkg:deb/debian/fetchmail@6.2.5-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2005-2335"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpq-937n-63hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67234?format=json","vulnerability_id":"VCID-jw6n-vfc4-nqhh","summary":"The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1175.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1175","reference_id":"","reference_type":"","scores":[{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80383","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80408","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1175"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616857","reference_id":"1616857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:215","reference_id":"RHSA-2002:215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:216","reference_id":"RHSA-2002:216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:155","reference_id":"RHSA-2003:155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94129?format=json","purl":"pkg:deb/debian/fetchmail@6.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2002-1175"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jw6n-vfc4-nqhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67244?format=json","vulnerability_id":"VCID-k2vh-hcbd-8ubq","summary":"fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2711.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2711","reference_id":"","reference_type":"","scores":[{"value":"0.03347","scoring_system":"epss","scoring_elements":"0.87539","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03347","scoring_system":"epss","scoring_elements":"0.8756","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03347","scoring_system":"epss","scoring_elements":"0.87559","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03347","scoring_system":"epss","scoring_elements":"0.87558","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=451758","reference_id":"451758","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=451758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1427","reference_id":"RHSA-2009:1427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1427"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94145?format=json","purl":"pkg:deb/debian/fetchmail@6.3.9~rc2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.9~rc2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2008-2711"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2vh-hcbd-8ubq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3126?format=json","vulnerability_id":"VCID-n6na-y3zc-eqa2","summary":"Gaëtan Leurent informed us of a weakness in APOP\nauthentication that could allow an attacker to recover the first\npart of your mail password if the attacker could interpose\na malicious mail server on your network masquerading as your legitimate\nmail server. With normal settings it could take several hours for\nthe attacker to gather enough data to recover just a few characters\nof the password. This result was presented at the\nFast Software Encryption 2007 conference.In a rump session at the same conference a team from The University of\nElectro-Communications claimed that a variant on the same hash-collision\nattack allowed them to recover a 31 character password.Fixed versions of Thunderbird and SeaMonkey mail prevent this\ntechnique by stricter enforcement of the Message-ID format used\nby APOP.POP mail accounts which do not use any authentication are\ncommon and in the same hypothetical situation the password could\nbe recovered immediately without any special programming on the\nattacker's part.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1558","reference_id":"","reference_type":"","scores":[{"value":"0.1342","scoring_system":"epss","scoring_elements":"0.94326","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1342","scoring_system":"epss","scoring_elements":"0.94335","published_at":"2026-06-05T12:55:00Z"},{"value":"0.1342","scoring_system":"epss","scoring_elements":"0.94336","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1342","scoring_system":"epss","scoring_elements":"0.94337","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1558"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=241191","reference_id":"241191","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=241191"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558","reference_id":"CVE-2007-1558","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558"},{"reference_url":"https://security.gentoo.org/glsa/200706-06","reference_id":"GLSA-200706-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200706-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-15","reference_id":"mfsa2007-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0344","reference_id":"RHSA-2007:0344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0353","reference_id":"RHSA-2007:0353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0385","reference_id":"RHSA-2007:0385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0386","reference_id":"RHSA-2007:0386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0401","reference_id":"RHSA-2007:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0402","reference_id":"RHSA-2007:0402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1140","reference_id":"RHSA-2009:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1140"},{"reference_url":"https://usn.ubuntu.com/469-1/","reference_id":"USN-469-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/469-1/"},{"reference_url":"https://usn.ubuntu.com/520-1/","reference_id":"USN-520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94142?format=json","purl":"pkg:deb/debian/fetchmail@6.3.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2007-1558"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6na-y3zc-eqa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67250?format=json","vulnerability_id":"VCID-pqsn-4an8-zfgu","summary":"fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1947.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1947.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1947","reference_id":"","reference_type":"","scores":[{"value":"0.02444","scoring_system":"epss","scoring_elements":"0.85463","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02444","scoring_system":"epss","scoring_elements":"0.85486","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02444","scoring_system":"epss","scoring_elements":"0.85491","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709284","reference_id":"709284","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709284"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94151?format=json","purl":"pkg:deb/debian/fetchmail@6.3.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2011-1947"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqsn-4an8-zfgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67238?format=json","vulnerability_id":"VCID-ukt2-jxtg-6ubv","summary":"fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3088.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3088","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2602","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26123","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26118","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26072","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617779","reference_id":"1617779","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336096","reference_id":"336096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336096"},{"reference_url":"https://security.gentoo.org/glsa/200511-06","reference_id":"GLSA-200511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:823","reference_id":"RHSA-2005:823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:823"},{"reference_url":"https://usn.ubuntu.com/215-1/","reference_id":"USN-215-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/215-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94138?format=json","purl":"pkg:deb/debian/fetchmail@6.2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2005-3088"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukt2-jxtg-6ubv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67233?format=json","vulnerability_id":"VCID-vm5f-essz-9fc2","summary":"Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1174.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1174","reference_id":"","reference_type":"","scores":[{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.89027","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.89044","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.89046","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.89045","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1174"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1174","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1174"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616856","reference_id":"1616856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:215","reference_id":"RHSA-2002:215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:216","reference_id":"RHSA-2002:216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:155","reference_id":"RHSA-2003:155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94129?format=json","purl":"pkg:deb/debian/fetchmail@6.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2002-1174"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vm5f-essz-9fc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67245?format=json","vulnerability_id":"VCID-wvv8-4977-7yga","summary":"socket.c in fetchmail before 6.3.11 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2666.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2666","reference_id":"","reference_type":"","scores":[{"value":"0.00665","scoring_system":"epss","scoring_elements":"0.71611","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00665","scoring_system":"epss","scoring_elements":"0.71655","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00665","scoring_system":"epss","scoring_elements":"0.71662","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00665","scoring_system":"epss","scoring_elements":"0.71638","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=515804","reference_id":"515804","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=515804"},{"reference_url":"https://security.gentoo.org/glsa/201006-12","reference_id":"GLSA-201006-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1427","reference_id":"RHSA-2009:1427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1427"},{"reference_url":"https://usn.ubuntu.com/816-1/","reference_id":"USN-816-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/816-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94146?format=json","purl":"pkg:deb/debian/fetchmail@6.3.9~rc2-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.9~rc2-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2009-2666"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvv8-4977-7yga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67242?format=json","vulnerability_id":"VCID-xcf8-t38u-6qhg","summary":"fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5974.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5974.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5974","reference_id":"","reference_type":"","scores":[{"value":"0.13761","scoring_system":"epss","scoring_elements":"0.9441","published_at":"2026-06-04T12:55:00Z"},{"value":"0.13761","scoring_system":"epss","scoring_elements":"0.94418","published_at":"2026-06-05T12:55:00Z"},{"value":"0.13761","scoring_system":"epss","scoring_elements":"0.94421","published_at":"2026-06-06T12:55:00Z"},{"value":"0.13761","scoring_system":"epss","scoring_elements":"0.94423","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5974"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974"},{"reference_url":"https://security.gentoo.org/glsa/200701-13","reference_id":"GLSA-200701-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200701-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94141?format=json","purl":"pkg:deb/debian/fetchmail@6.3.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2006-5974"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcf8-t38u-6qhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67249?format=json","vulnerability_id":"VCID-z6hd-xps2-sbbz","summary":"fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1167.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1167","reference_id":"","reference_type":"","scores":[{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74005","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74038","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74042","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74028","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=583819","reference_id":"583819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=583819"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94148?format=json","purl":"pkg:deb/debian/fetchmail@6.3.16-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.16-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94130?format=json","purl":"pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zfz-95n5-8ugz"},{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94128?format=json","purl":"pkg:deb/debian/fetchmail@6.4.37-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94132?format=json","purl":"pkg:deb/debian/fetchmail@6.4.39-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-td28-7qem-kfep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94131?format=json","purl":"pkg:deb/debian/fetchmail@6.6.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.6.3-3%3Fdistro=trixie"}],"aliases":["CVE-2010-1167"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6hd-xps2-sbbz"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1%3Fdistro=trixie"}