CVE-2025-61962

Name
CVE-2025-61962
Description
In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context.
NVD Severity
medium

References

| Type | URI |
|---|---|
| cve@mitre.org | https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8 |
| cve@mitre.org | https://www.fetchmail.info/fetchmail-SA-2025-01.txt |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2025/10/03/2 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/10/04/3 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | fetchmail | >= 5.9.9 | < 6.5.6 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| fetchmail | edge-community | 6.5.4-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| fetchmail | edge-community | 6.5.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| fetchmail | edge-community | 6.5.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| fetchmail | edge-community | 6.5.1-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| fetchmail | 3.22-community | 6.5.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| fetchmail | 3.22-community | 6.5.1-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |