{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-61962", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-10-06T14:20:57.032Z", "dateReserved": "2025-10-04T00:00:00.000Z", "datePublished": "2025-10-04T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "fetchmail", "vendor": "fetchmail", "versions": [{"lessThan": "6.5.6", "status": "affected", "version": "5.9.9", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-142", "description": "CWE-142 Improper Neutralization of Value Delimiters", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-04T02:51:57.449Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2025/10/03/2"}, {"url": "https://www.fetchmail.info/fetchmail-SA-2025-01.txt"}, {"url": "https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fetchmail:fetchmail:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9.9", "versionEndExcluding": "6.5.6"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T14:20:46.927097Z", "id": "CVE-2025-61962", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T14:20:57.032Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61962", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T14:20:46.927097Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T14:20:52.023Z"}}], "cna": {"source": {"discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "fetchmail", "product": "fetchmail", "versions": [{"status": "affected", "version": "5.9.9", "lessThan": "6.5.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2025/10/03/2"}, {"url": "https://www.fetchmail.info/fetchmail-SA-2025-01.txt"}, {"url": "https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-142", "description": "CWE-142 Improper Neutralization of Value Delimiters"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fetchmail:fetchmail:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.5.6", "versionStartIncluding": "5.9.9"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-04T02:51:57.449Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61962", "state": "PUBLISHED", "dateUpdated": "2025-10-06T14:20:57.032Z", "dateReserved": "2025-10-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-10-04T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context."}], "id": "CVE-2025-61962", "lastModified": "2025-10-06T14:56:47.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-10-04T03:15:37.870", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8"}, {"source": "cve@mitre.org", "url": "https://www.fetchmail.info/fetchmail-SA-2025-01.txt"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2025/10/03/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-142"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "fetchmail: Fetchmail denial of service", "id": "2401405", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401405"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-142", "details": ["In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-61962", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-61962\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61962\nhttps://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8\nhttps://www.fetchmail.info/fetchmail-SA-2025-01.txt\nhttps://www.openwall.com/lists/oss-security/2025/10/03/2"], "threat_severity": "Moderate"}