The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity.
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
CVSS v2
Base Score: 5
Impact Score: 2.9
Exploitability Score: 10
CVSS v3
Base Score: 7.5
Impact Score: 3.6
Exploitability Score: 3.9
|ID|Name|Product|Family|
|---|---|---|---|
|152758|openSUSE 15 Security Update : fetchmail (openSUSE-SU-2021:1183-1)|Nessus|SuSE Local Security Checks|
|152721|openSUSE 15 Security Update : fetchmail (openSUSE-SU-2021:2791-1)|Nessus|SuSE Local Security Checks|
|152715|SUSE SLED15 / SLES15 Security Update : fetchmail (SUSE-SU-2021:2791-1)|Nessus|SuSE Local Security Checks|
|152677|SUSE SLES12 Security Update : fetchmail (SUSE-SU-2021:2771-1)|Nessus|SuSE Local Security Checks|
|152150|FreeBSD : fetchmail -- 6.4.19 and older denial of service or information disclosure (cbfd1874-efea-11eb-8fe9-036bd763ff35)|Nessus|FreeBSD Local Security Checks|