oss-sec mailing list archives

Re: fetchmail-SA-2025-01: SMTP AUTH denial of service now called CVE-2025-61962.

From: Matthias Andree <matthias.andree () gmx de>
Date: Sat, 4 Oct 2025 11:41:10 +0200

Am 03.10.25 um 20:55 schrieb Alan Coopersmith:

https://www.fetchmail.info/fetchmail-SA-2025-01.txt reports:
fetchmail-SA-2025-01: SMTP AUTH denial of service

Topics:     fetchmail SMTP client can crash when authenticating

Author:     Matthias Andree
Version:    1.0
Announced:  2025-10-03
Type:       failure to validate network input in certain configurations
Impact:     fetchmail tries to read from address 1 and can crash
Severity:   moderate

URL:        https://www.fetchmail.info/fetchmail-SA-2025-01.txt
[...]

This has been named CVE-2025-61962. Updated announcement rev 1.1attached, only CVE ID and history of the document added.

Attachment: fetchmail-SA-2025-01.txt
Description:

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Current thread:

fetchmail-SA-2025-01: SMTP AUTH denial of service Alan Coopersmith (Oct 03)
- Re: fetchmail-SA-2025-01: SMTP AUTH denial of service now called CVE-2025-61962. Matthias Andree (Oct 04)