{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"fetchmail security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for fetchmail is now available for openEuler-24.03-LTS-SP1",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client.\n\nSecurity Fix(es):\n\nIn fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context. This vulnerability is classified as CWE-142. The product receives input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component, which impacts availability. (CVE-2025-61962)\n\nNote: the affected range above refers to upstream fetchmail versions. On openEuler-24.03-LTS-SP1 the fix is delivered in fetchmail-6.4.37-2.oe2403sp1, so check the installed package release rather than comparing against 6.5.6.",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for fetchmail is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"fetchmail",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2025-2427",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2427"
			},
			{
				"summary":"CVE-2025-61962",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61962&packageName=fetchmail"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61962"
			},
			{
				"summary":"openEuler-SA-2025-2427 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2427.json"
			}
		],
		"title":"An update for fetchmail is now available for openEuler-24.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2025-10-17T22:57:17+08:00",
			"revision_history":[
				{
					"date":"2025-10-17T22:57:17+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2025-10-17T22:57:17+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2025-10-17T22:57:17+08:00",
			"id":"openEuler-SA-2025-2427",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"openEuler-24.03-LTS-SP1",
									"name":"openEuler-24.03-LTS-SP1"
								},
								"name":"openEuler-24.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"fetchmail-6.4.37-2.oe2403sp1.x86_64.rpm",
									"name":"fetchmail-6.4.37-2.oe2403sp1.x86_64.rpm"
								},
								"name":"fetchmail-6.4.37-2.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64.rpm",
									"name":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64.rpm"
								},
								"name":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64.rpm",
									"name":"fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64.rpm"
								},
								"name":"fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"fetchmail-6.4.37-2.oe2403sp1.aarch64.rpm",
									"name":"fetchmail-6.4.37-2.oe2403sp1.aarch64.rpm"
								},
								"name":"fetchmail-6.4.37-2.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64.rpm",
									"name":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64.rpm"
								},
								"name":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64.rpm",
									"name":"fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64.rpm"
								},
								"name":"fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"fetchmail-6.4.37-2.oe2403sp1.src.rpm",
									"name":"fetchmail-6.4.37-2.oe2403sp1.src.rpm"
								},
								"name":"fetchmail-6.4.37-2.oe2403sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"fetchmail-6.4.37-2.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.x86_64",
					"name":"fetchmail-6.4.37-2.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64",
					"name":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64",
					"name":"fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"fetchmail-6.4.37-2.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.aarch64",
					"name":"fetchmail-6.4.37-2.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64",
					"name":"fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64",
					"name":"fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"fetchmail-6.4.37-2.oe2403sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.src",
					"name":"fetchmail-6.4.37-2.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2025-61962",
			"notes":[
				{
					"text":"In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context. This vulnerability is classified as CWE-142. The product receives input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component, which impacts availability.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.src"
					],
					"details":"fetchmail security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2427"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.9,
						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:fetchmail-debuginfo-6.4.37-2.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:fetchmail-debugsource-6.4.37-2.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:fetchmail-6.4.37-2.oe2403sp1.src"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2025-61962"
		}
	]
}