Search for packages
Package details: pkg:deb/debian/fetchmail@6.3.6-1etch3
purl pkg:deb/debian/fetchmail@6.3.6-1etch3
Next non-vulnerable version 6.4.37-1
Latest non-vulnerable version 6.4.37-1
Risk 4.5
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-62nh-5871-aaar
Aliases:
CVE-2012-3482
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
6.3.26-1
Affected by 1 other vulnerability.
VCID-67up-vtns-aaak
Aliases:
CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
6.4.16-4+deb11u1
Affected by 1 other vulnerability.
VCID-9p5n-16kp-aaaf
Aliases:
CVE-2007-4565
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
6.3.9~rc2-4+lenny2
Affected by 6 other vulnerabilities.
VCID-dqer-jfgw-aaaq
Aliases:
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
6.3.26-1
Affected by 1 other vulnerability.
VCID-pft5-dufe-aaas
Aliases:
CVE-2010-1167
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.
6.3.18-2
Affected by 3 other vulnerabilities.
VCID-pwsr-jdkr-aaac
Aliases:
CVE-2009-2666
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
6.3.18-2
Affected by 3 other vulnerabilities.
VCID-rhgx-8qky-aaad
Aliases:
CVE-2010-0562
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
6.3.18-2
Affected by 3 other vulnerabilities.
VCID-yncr-147p-aaaa
Aliases:
CVE-2007-1558
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
6.3.9~rc2-4+lenny2
Affected by 6 other vulnerabilities.
VCID-yz49-uz86-aaar
Aliases:
CVE-2008-2711
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
6.3.9~rc2-4+lenny2
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:11:01.355261+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:46:23.779574+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:21:40.382044+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:26:06.007358+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:48:48.558749+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:24.010269+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:13:33.714656+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:31:27.881314+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:29:02.278311+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T05:26:48.808564+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak None 36.1.3
2025-06-21T00:22:24.930471+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar None 36.1.3
2025-06-21T00:06:08.115113+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas None 36.1.3
2025-06-20T23:42:44.332707+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa None 36.1.3
2025-06-20T23:35:35.874308+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq None 36.1.3
2025-06-20T22:29:12.984226+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar None 36.1.3
2025-06-20T22:21:48.855056+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac None 36.1.3
2025-06-20T21:16:32.268013+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad None 36.1.3
2025-06-20T20:35:13.408999+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf None 36.1.3
2025-06-08T12:25:11.295596+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:19:51.170373+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:10:36.218446+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:56:42.410365+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:39:55.166035+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:19:27.257940+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:07:48.481395+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:20:06.787221+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:43:50.829747+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:19.958188+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:18:47.150819+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:51:22.852090+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:49:46.074595+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T23:04:33.557272+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak None 36.1.0
2025-06-07T17:45:14.145803+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar None 36.1.0
2025-06-07T17:28:54.485968+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas None 36.1.0
2025-06-07T17:05:39.069968+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa None 36.1.0
2025-06-07T16:58:32.760242+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq None 36.1.0
2025-06-07T15:53:23.943372+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar None 36.1.0
2025-06-07T15:46:02.071993+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac None 36.1.0
2025-06-07T14:40:42.992224+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad None 36.1.0
2025-06-07T14:07:43.032876+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf None 36.1.0
2025-04-12T21:59:33.478759+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:45:51.440681+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:52:45.874354+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:27:17.430761+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:11:19.544574+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:05:46.771851+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:56:14.192880+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:41:52.204731+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:24:36.034343+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:00:23.788721+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:39:37.366507+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:52:23.977959+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:15:35.717158+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:22.268869+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:49:50.370690+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:22:33.042247+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:20:55.350718+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T21:36:40.075608+00:00 Debian Oval Importer Affected by VCID-67up-vtns-aaak None 36.0.0
2025-04-07T16:21:27.103222+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar None 36.0.0
2025-04-07T16:03:22.887673+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas None 36.0.0
2025-04-07T15:39:04.431052+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa None 36.0.0
2025-04-07T15:31:40.582329+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq None 36.0.0
2025-04-07T14:24:19.019414+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar None 36.0.0
2025-04-07T14:16:45.531683+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac None 36.0.0
2025-04-07T13:12:43.707607+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad None 36.0.0
2025-04-07T12:41:21.448688+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf None 36.0.0
2024-11-29T04:22:12.105333+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T07:22:37.578687+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T15:36:05.834428+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T14:35:55.912830+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T06:06:56.020389+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-26T16:11:03.554745+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-26T07:12:06.996159+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-26T01:48:53.600894+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T11:29:25.216901+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T20:01:31.877964+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T09:19:50.050997+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T08:38:13.449544+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T02:43:42.832573+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-12T17:20:25.462071+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-12T11:24:39.036791+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-12T07:56:29.804319+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T09:00:35.819569+00:00 Debian Oval Importer Affected by VCID-62nh-5871-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T02:30:09.817727+00:00 Debian Oval Importer Affected by VCID-dqer-jfgw-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T22:03:38.006594+00:00 Debian Oval Importer Affected by VCID-pft5-dufe-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:46:05.940205+00:00 Debian Oval Importer Affected by VCID-rhgx-8qky-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T19:37:38.794514+00:00 Debian Oval Importer Affected by VCID-pwsr-jdkr-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T16:23:55.816566+00:00 Debian Oval Importer Affected by VCID-yz49-uz86-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T14:33:45.131485+00:00 Debian Oval Importer Affected by VCID-9p5n-16kp-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T13:35:46.005774+00:00 Debian Oval Importer Affected by VCID-yncr-147p-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1