CyberSec.Space Logo
Back to CVE Browser

CVE-2005-4348

HIGH
7.8
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile31.41th
PublishedDec 21, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.

Affected Platforms (CPE)

πŸ“¦
Fetchmail

Fetchmail

>= 6.2.0 and < 6.2.5.5
πŸ“¦
Fetchmail

Fetchmail

>= 6.3.0 and < 6.3.1

References & Advisories

πŸ”— ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
πŸ”— http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836
πŸ”— http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt
πŸ”— http://secunia.com/advisories/17891
πŸ”— http://secunia.com/advisories/18172
πŸ”— http://secunia.com/advisories/18231
πŸ”— http://secunia.com/advisories/18266
πŸ”— http://secunia.com/advisories/18433

Related Vulnerabilities

CVE-2001-010110.0

Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.

CVE-2001-100910.0

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrar...

CVE-2020-52398.7

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a...

CVE-2006-58677.8

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circ...