FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-23 17:04:23 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
21fba35e-a05f-11f0-a8b8-a1ef31191bc1fetchmail -- potential crash when authenticating to SMTP server

Matthias Andree reports:

fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This address is constant and not under the attacker's control. This event will usually cause a crash of fetchmail.


Discovery 2025-10-02
Entry 2025-10-03
Modified 2025-10-04
fetchmail
>= 5.9.9 lt 6.5.6

CVE-2025-61962
https://www.fetchmail.info/fetchmail-SA-2025-01.txt
https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads
https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8