Fetchmail versions 6.3.9 and below suffer from a NULL pointer deference vulnerability that can be triggered by outside circumstances.
e889bf7cdbaba7aebf355424a2d6b8d4360c6f6f38d621864428465ddf5e0184
Ubuntu Security Notice 520-1 - Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service.
08fdf822b219ed0f0abf8b3431b5a4c1910e9651393d36ef7b66b19ca7021083
Debian Security Advisory 1377-2 - Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.
4ee92c1fad9f4edda0d63f1087baa06c396a1ddbdf9a9f5cdba81ff9949d9832
Debian Security Advisory 1377-1 - Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.
16ad80fc16b60510da6fad11ac0f5d822a84d3e12ea6688cdd824ab610d0e4fa
Mandriva Linux Security Advisory - A vulnerability in fetchmail was found where it could crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a denial of service.
d6adc5e6452115613daa4e2449d61f02ce1a29f3854463f68f2532657f2dd438