rpm package
almalinux/fetchmail
pkg:rpm/almalinux/fetchmail
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-39272 | Med | 5.9 | < 6.4.24-1.el8 | 6.4.24-1.el8 | Aug 30, 2021 | Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | |
| CVE-2021-36386 | Hig | 7.5 | < 6.4.24-1.el8 | 6.4.24-1.el8 | Jul 30, 2021 | report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of |
- affected < 6.4.24-1.el8fixed 6.4.24-1.el8
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
- affected < 6.4.24-1.el8fixed 6.4.24-1.el8
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of