Unrated severityNVD Advisory· Published Dec 31, 2006· Updated Apr 23, 2026

CVE-2006-5974

Description

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.

Affected products

Fetchmail/Fetchmail4 versions
cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/21902nvdPatch
secunia.com/advisories/23631nvdVendor Advisory
secunia.com/advisories/23804nvdVendor Advisory
secunia.com/advisories/23838nvdVendor Advisory
secunia.com/advisories/23923nvdVendor Advisory
secunia.com/advisories/24151nvdVendor Advisory
fedoranews.org/cms/node/2429nvd
fetchmail.berlios.de/fetchmail-SA-2006-03.txtnvd
osvdb.org/31836nvd
security.gentoo.org/glsa/glsa-200701-13.xmlnvd
securitytracker.com/idnvd
slackware.com/security/viewer.phpnvd
www.novell.com/linux/security/advisories/2007_4_sr.htmlnvd
www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.htmlnvd
www.securityfocus.com/archive/1/456114/100/0/threadednvd
www.trustix.org/errata/2007/0007nvd
www.vupen.com/english/advisories/2007/0087nvd
www.vupen.com/english/advisories/2007/0088nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000