OESA-2025-2425
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2425
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2425.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2425
- Upstream
- Published
- 2025-10-17T14:54:23Z
- Modified
- 2025-10-17T15:32:54.031010Z
- Summary
- fetchmail security update
- Details
-
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client.
Security Fix(es):
In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context. This vulnerability is classified as CWE-142. The product receives input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component, which impacts availability.(CVE-2025-61962)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:22.03-LTS-SP4 / fetchmail
Package
- Name
- fetchmail
- Purl
- pkg:rpm/openEuler/fetchmail&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.22-3.oe2203sp4
Ecosystem specific
{
"x86_64": [
"fetchmail-6.4.22-3.oe2203sp4.x86_64.rpm",
"fetchmail-debuginfo-6.4.22-3.oe2203sp4.x86_64.rpm",
"fetchmail-debugsource-6.4.22-3.oe2203sp4.x86_64.rpm"
],
"aarch64": [
"fetchmail-6.4.22-3.oe2203sp4.aarch64.rpm",
"fetchmail-debuginfo-6.4.22-3.oe2203sp4.aarch64.rpm",
"fetchmail-debugsource-6.4.22-3.oe2203sp4.aarch64.rpm"
],
"src": [
"fetchmail-6.4.22-3.oe2203sp4.src.rpm"
]
}