PT-2021-22500 · Fetchmail +7

Andrew C. Aitchison +4

Published: 2021-08-30 · Updated: 2024-06-15 · CVE-2021-39272

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Fetchmail versions prior to 6.4.22

Description

The issue is related to Fetchmail's failure to enforce STARTTLS session encryption under certain circumstances, such as with IMAP and PREAUTH.

Recommendations

For versions prior to 6.4.22, update to version 6.4.22 or later to resolve the issue.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

ALSA-2022:1964
ALT-PU-2021-3301
ALT-PU-2022-2513
AZL-7227
CESA-2022_1964
CVE-2021-39272
MGASA-2021-0548
OESA-2021-1360
OPENSUSE-SU-2021:1416-1
OPENSUSE-SU-2021:1591-1
OPENSUSE-SU-2021:3493-1
OPENSUSE-SU-2021:4018-1
OPENSUSE-SU-2021_1416-1
OPENSUSE-SU-2021_1591-1
OPENSUSE-SU-2021_3493-1
OPENSUSE-SU-2021_4018-1
OPENSUSE-SU-2024:11573-1
RHSA-2022:1964
RHSA-2022_1964
RLSA-2022:1964
SUSE-SU-2021:3492-1
SUSE-SU-2021:3493-1
SUSE-SU-2021:4018-1
SUSE-SU-2021_3492-1
SUSE-SU-2021_3493-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Fetchmail
Red Hat
Rocky Linux
SUSE