Lucene search

K

GoogleOSV:CVE-2021-39272

HistoryAug 30, 2021 - 6:15 a.m.

CVE-2021-39272

2021-08-3006:15:06

Google

osv.dev

11

fetchmail

starttls

encryption

imap

preauth

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

55.7%

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

References

www.openwall.com/lists/oss-security/2021/08/27/3

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XJ6XLEJCEZCAM5LGGD6XBCC522QLG4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMKSEHAQSEDCWZMAOJEGX3P3JW6QY6H/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYCYLL73NP7ALJWSDICIVSA47ZIXWSSA/

nostarttls.secvuln.info/

security.gentoo.org/glsa/202209-14

www.fetchmail.info/security.html

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

55.7%

Related for OSV:CVE-2021-39272

nessus17 fedora3 openvas11 cve1 debiancve1 redhatcve1 suse4 alpinelinux1 veracode1 prion1 cbl_mariner1 nvd1 freebsd1 mageia1 cvelist1 ubuntucve1 almalinux1 oraclelinux1 osv2 rocky1 gentoo1 redhat1