VDB

OESA-2021-1360

OESA-2021-1360 PUBLISHED CVSS 9.300000190734863 CRITICAL

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections. Security Fix(es): Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.(CVE-2021-39272)

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
openEuler:20.03-LTS-SP1fetchmail0, 0
openEuler:20.03-LTS-SP2fetchmail0, 0

Timeline

  • Sep 30, 2021 CVE Published
  • Sep 3, 2025 CVE Updated
  • May 2, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›