oss-security - Re: fetchmail-SA-2025-01: SMTP AUTH denial of service now called CVE-2025-61962.

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <b46b418a-98f1-4896-903d-318b1009a180@gmx.de>
Date: Sat, 4 Oct 2025 11:41:10 +0200
From: Matthias Andree <matthias.andree@....de>
To: oss-security@...ts.openwall.com
Subject: Re: fetchmail-SA-2025-01: SMTP AUTH denial of service
 now called CVE-2025-61962.

Am 03.10.25 um 20:55 schrieb Alan Coopersmith:

> https://www.fetchmail.info/fetchmail-SA-2025-01.txt reports:
> fetchmail-SA-2025-01: SMTP AUTH denial of service
>
> Topics:     fetchmail SMTP client can crash when authenticating
>
> Author:     Matthias Andree
> Version:    1.0
> Announced:  2025-10-03
> Type:       failure to validate network input in certain configurations
> Impact:     fetchmail tries to read from address 1 and can crash
> Severity:   moderate
>
> URL:        https://www.fetchmail.info/fetchmail-SA-2025-01.txt
> [...]

This has been named CVE-2025-61962. Updated announcement rev 1.1 
attached, only CVE ID and history of the document added.

View attachment "fetchmail-SA-2025-01.txt" of type "text/plain" (4581 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (841 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.