Fetchmail Denial-of-Service Vulnerability in SMTP Authentication

Vulnerability

A denial-of-service vulnerability has been identified in Fetchmail versions prior to 6.5.6. When Fetchmail's SMTP client is authenticating and receives a 334 status code in a malformed context, Fetchmail can crash. The crash occurs because the client attempts to read from a memory location that is not under the attacker's control. If Fetchmail is running in daemon mode, the daemon process also terminates as a result of the crash.

Impact

Exploiting this vulnerability causes Fetchmail to crash, including any active daemon processes, which can disrupt mail retrieval and delivery operations.

Remediation

Users should upgrade to Fetchmail version 6.5.6 or newer. The Fetchmail source code is available on SourceForge and GitLab. Alternatively, the specific patch for this vulnerability can be applied and Fetchmail rebuilt from source.
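A quick way to confirm whether an installed Fetchmail is inside the affected range is to parse its version string and compare it against 6.5.6. The following is an added example, not code from the advisory or the Fetchmail project; it assumes that `fetchmail --version` prints a line beginning "This is fetchmail release X.Y.Z" (the sample output used here is constructed for the example).

```python
import re
import subprocess

# First fixed release stated in the advisory.
FIXED_VERSION = (6, 5, 6)

# Constructed sample output, shaped like the first line printed by
# `fetchmail --version`; the real line carries extra feature suffixes.
SAMPLE_OUTPUT = "This is fetchmail release 6.4.37+GSS+NTLM+SDPS+SSL-SSLv2+NLS+KRB5.\n"


def parse_fetchmail_version(output: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from fetchmail's version banner.

    Raises ValueError if no 'release X.Y.Z' token is present, so a
    caller never silently treats an unparseable banner as patched.
    """
    match = re.search(r"release\s+(\d+)\.(\d+)\.(\d+)", output)
    if not match:
        raise ValueError("could not find 'release X.Y.Z' in fetchmail output")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version: tuple[int, int, int]) -> bool:
    """True when the version predates the fixed release 6.5.6."""
    return version < FIXED_VERSION


def check_installed() -> str:
    """Run the locally installed fetchmail and report its status.

    Returns a short human-readable verdict; 'not installed' if the
    binary is absent, so the check is safe to run on any host.
    """
    try:
        result = subprocess.run(
            ["fetchmail", "--version"],
            capture_output=True, text=True, timeout=10,
        )
    except FileNotFoundError:
        return "fetchmail not installed"
    # fetchmail prints its banner on stdout; fall back to stderr just in case.
    banner = result.stdout or result.stderr
    version = parse_fetchmail_version(banner)
    label = ".".join(str(p) for p in version)
    if is_vulnerable(version):
        return f"fetchmail {label} is VULNERABLE: upgrade to 6.5.6 or newer"
    return f"fetchmail {label} is not affected"


if __name__ == "__main__":
    # Demonstrate on the constructed banner, then on the real binary if present.
    sample = parse_fetchmail_version(SAMPLE_OUTPUT)
    print("sample banner parsed as", sample, "vulnerable:", is_vulnerable(sample))
    print(check_installed())
```

The comparison is done on integer tuples rather than on the raw string, so "6.5.10" correctly sorts above "6.5.6"; a string comparison would get that wrong.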

Added: Oct 4, 2025, 3:21 AM
Updated: Oct 4, 2025, 3:21 AM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 0.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.