Aggregates CVE and security vulnerability intelligence across all fetchmail-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk input validation, vendor risk buffer overflow, and vendor risk path handling, with potential vendor impact unexpected behavior across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2002-0146 | fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array. | [email protected] | 5.0 | 1.49% | 2002-06-25 | 2026-06-16 |
| CVE-2001-0819 | A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. | [email protected] | 7.5 | 6.37% | 2001-12-06 | 2026-06-16 |
| CVE-2001-1378 | fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. | [email protected] | 2.1 | 0.34% | 2001-09-06 | 2026-06-16 |
| CVE-2001-1009 | Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. | [email protected] | 10.0 | 6.52% | 2001-08-31 | 2026-06-16 |
| CVE-2001-0101 | Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. | [email protected] | 10.0 | 1.81% | 2001-02-12 | 2026-06-16 |