report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

...

OESA-2021-1314 fetchmail security update

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC for retrieval...

PT-2021-3695 · Fetchmail +8 · Fetchmail +8

Name of the Vulnerable Software and Affected Versions: Fetchmail versions prior to 6.4.20 Description: The issue is related to the report vbuild function in report.c, which sometimes omits initialization of the vsnprintf va list argument. This might allow mail servers to cause a denial of service...