vulnerability

FreeBSD: VID-21fba35e-a05f-11f0-a8b8-a1ef31191bc1 (CVE-2025-61962): fetchmail -- potential crash when authenticating to SMTP server

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: Oct 3, 2025
Added: Dec 10, 2025
Modified: Dec 10, 2025

Description

Matthias Andree reports: fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This address is constant and not under the attacker's control. This event will usually cause a crash of fetchmail.
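The parsing failure described above, as an added example that is not fetchmail's source code: the function names are hypothetical, and the unchecked `strchr(line, ' ') + 1` pattern is an assumption about how a missing blank can lead to address 0x1. The hardened parser follows the RFC 4954 grammar `"334" SP [base64] CRLF` and rejects the reply when the blank is absent.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed defect pattern (illustration only): the blank is located with
 * strchr() and the result is advanced by one without a NULL check.
 * Integer arithmetic is used so the value can be inspected safely. */
uintptr_t unchecked_challenge_addr(const char *line)
{
    return (uintptr_t)strchr(line, ' ') + 1;  /* 0 + 1 == 0x1 if no blank */
}

/* Hardened parser (hypothetical helper). On success stores the start of
 * the SASL challenge in *out and returns its length without CR/LF.
 * Returns -1 and sets *out to NULL for anything that is not "334" SP ... */
long sasl_challenge_334(const char *line, const char **out)
{
    if (out == NULL)
        return -1;
    *out = NULL;
    if (line == NULL || strncmp(line, "334", 3) != 0)
        return -1;              /* not a 334 continuation reply */
    if (line[3] != ' ')
        return -1;              /* protocol violation: code without blank */
    *out = line + 4;
    return (long)strcspn(*out, "\r\n");
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *replies[] = { "334 VXNlcm5hbWU6\r\n", "334 \r\n", "334\r\n" };
    for (size_t i = 0; i < sizeof replies / sizeof replies[0]; i++) {
        const char *chal;
        long n = sasl_challenge_334(replies[i], &chal);
        if (n < 0)
            printf("reply %zu: rejected, unchecked code would read at 0x%lx\n",
                   i, (unsigned long)unchecked_challenge_addr(replies[i]));
        else
            printf("reply %zu: challenge \"%.*s\" (%ld bytes)\n",
                   i, (int)n, chal, n);
    }
    return 0;
}
```

A client that gets -1 back can abort the authentication attempt and report the protocol violation rather than crash.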

Solution

freebsd-upgrade-package-fetchmail