Search for packages
Package details: pkg:deb/debian/fetchmail@6.3.18-2
purl pkg:deb/debian/fetchmail@6.3.18-2
Next non-vulnerable version 6.4.37-1
Latest non-vulnerable version 6.4.37-1
Risk 3.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-62nh-5871-aaar
Aliases:
CVE-2012-3482
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
6.3.26-1
Affected by 1 other vulnerability.
VCID-67up-vtns-aaak
Aliases:
CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
6.4.16-4+deb11u1
Affected by 1 other vulnerability.
VCID-dqer-jfgw-aaaq
Aliases:
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
6.3.26-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-pft5-dufe-aaas fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list. CVE-2010-1167
VCID-pwsr-jdkr-aaac socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2009-2666
VCID-rhgx-8qky-aaad The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping. CVE-2010-0562

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:11:01.358862+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T16:21:40.386505+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:26:06.011110+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:24.013614+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:31:27.885992+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:29:02.282881+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T05:26:48.812333+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak None 36.1.3
2025-06-21T00:06:08.119558+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas None 36.1.3
2025-06-20T23:35:35.879475+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq None 36.1.3
2025-06-20T22:29:12.987791+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar None 36.1.3
2025-06-20T22:21:48.858705+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac None 36.1.3
2025-06-20T21:16:32.271017+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad None 36.1.3
2025-06-08T12:25:11.298753+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:19:51.173537+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:10:36.222117+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:39:55.169118+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:07:48.485085+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:20:06.790363+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:19.961148+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:51:22.855081+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:49:46.077601+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T23:04:33.560978+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak None 36.1.0
2025-06-07T17:28:54.488934+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas None 36.1.0
2025-06-07T16:58:32.763233+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq None 36.1.0
2025-06-07T15:53:23.946374+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar None 36.1.0
2025-06-07T15:46:02.075094+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac None 36.1.0
2025-06-07T14:40:42.995892+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad None 36.1.0
2025-04-12T21:45:51.451177+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:27:17.440470+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:11:19.554779+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:05:46.781939+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:56:14.204475+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:24:36.043322+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:39:37.376372+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:52:23.988203+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:22.279828+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:22:33.052034+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:20:55.360537+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T21:36:40.086628+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak None 36.0.0
2025-04-07T16:03:22.897700+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas None 36.0.0
2025-04-07T15:31:40.592396+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq None 36.0.0
2025-04-07T14:24:19.029455+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar None 36.0.0
2025-04-07T14:16:45.541694+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac None 36.0.0
2025-04-07T13:12:43.717343+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad None 36.0.0
2024-11-29T04:22:12.115087+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T07:22:37.589252+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T15:36:05.844418+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T14:35:55.922720+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T06:06:56.030356+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T11:29:25.228559+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T20:01:31.887531+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T09:19:50.061303+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T08:38:13.459073+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T02:43:42.842370+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T09:00:35.830121+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T02:30:09.829088+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T22:03:38.017229+00:00 Debian Oval Importer Fixing VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:46:05.949475+00:00 Debian Oval Importer Fixing VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T19:37:38.807955+00:00 Debian Oval Importer Fixing VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1