{"id":"CVE-2021-36386","details":"report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.","modified":"2026-03-20T04:10:38.945856Z","published":"2021-07-30T14:15:18.140Z","related":["ALSA-2022:1964","MGASA-2021-0391","SUSE-SU-2021:2771-1","SUSE-SU-2021:2791-1","SUSE-SU-2021:4018-1","SUSE-SU-2024:3006-1","openSUSE-SU-2021:1183-1","openSUSE-SU-2021:1591-1","openSUSE-SU-2021:2791-1","openSUSE-SU-2021:4018-1","openSUSE-SU-2024:10753-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGYO5AHSXTCKA4NQC2Z4H3XMMYNAGC77/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIXKO6QW3AUHGJVWKJXBCOVBYJUJRBFC/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-14"},{"type":"ADVISORY","url":"https://www.fetchmail.info/fetchmail-SA-2021-01.txt"},{"type":"ADVISORY","url":"https://www.fetchmail.info/security.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2021/07/28/5"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2021/08/09/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/fetchmail/fetchmail","events":[{"introduced":"0"},{"fixed":"8a808068a3f351b1bdcfc85c5abdade073a27504"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.4.20"}]}}],"versions":["BRANCH_6-3","RELEASE_1-0-0","RELEASE_1-8-0","RELEASE_1-9-0","RELEASE_1-9-2","RELEASE_1-9-3","RELEASE_1-9-4","RELEASE_1-9-5","RELEASE_1-9-6","RELEASE_1-9-8","RELEASE_1-9-9","RELEASE_1-9a","RELEASE_2-0-0","RELEASE_2-1-0","RELEASE_2-1-1","RELEASE_2-1-2","RELEASE_2-1-3","RELEASE_2-2-0","RELEASE_2-3-0","RELEASE_2-4-0","RELEASE_2-4-0bis","RELEASE_2-6-0","RELEASE_2-7-0","RELEASE_2-8-0","RELEASE_2-8bis","RELEASE_2-8tris","RELEASE_3-0-0","RELEASE_3-3-0","RELEASE_3-3-1","RELEASE_3-4-0","RELEASE_3-5-0","RELEASE_3-6-0","RELEASE_3-7-0","RELEASE_3-8-0","RELEASE_3-9-0","RELEASE_3-9-1","RELEASE_3-9-2","RELEASE_3-9-3","RELEASE_3-9-4","RELEASE_3-9-5","RELEASE_3-9-6","RELEASE_3-9-7","RELEASE_3-9-8","RELEASE_4-0-0","RELEASE_4-0-0bis","RELEASE_4-0-1","RELEASE_4-0-3","RELEASE_4-0-4","RELEASE_4-0-5","RELEASE_4-0-8","RELEASE_4-1-0","RELEASE_4-1-1","RELEASE_4-1-2","RELEASE_4-1-5","RELEASE_4-1-6","RELEASE_4-1-7","RELEASE_4-1-8","RELEASE_4-2-0","RELEASE_4-2-1","RELEASE_4-2-3","RELEASE_4-2-4","RELEASE_4-2-5","RELEASE_4-2-6","RELEASE_4-2-7","RELEASE_4-2-9","RELEASE_4-3-0","RELEASE_4-3-1","RELEASE_4-3-2","RELEASE_4-3-3","RELEASE_4-3-4","RELEASE_4-3-5","RELEASE_4-3-6","RELEASE_4-3-7","RELEASE_4-3-8","RELEASE_4-3-8bis","RELEASE_4-3-9","RELEASE_4-4-0","RELEASE_4-4-2","RELEASE_4-4-3","RELEASE_4-4-4","RELEASE_4-4-5","RELEASE_4-4-5bis","RELEASE_4-4-6","RELEASE_4-4-6bis","RELEASE_4-4-7","RELEASE_4-4-8","RELEASE_4-4-9","RELEASE_4-5-0","RELEASE_4-5-0bis","RELEASE_4-5-1","RELEASE_4-5-2","RELEASE_4-5-3","RELEASE_4-5-4","RELEASE_4-5-5","RELEASE_4-5-6","RELEASE_4-5-7","RELEASE_4-5-8","RELEASE_4-6-0","RELEASE_4-6-1","RELEASE_4-6-2","RELEASE_4-6-3","RELEASE_4-6-4","RELEASE_4-6-5","RELEASE_4-6-6","RELEASE_4-6-7","RELEASE_4-6-8","RELEASE_4-6-9","RELEASE_4-7-0","RELEASE_4-7-1","RELEASE_4-7-2","RELEASE_4-7-3","RELEASE_4-7-4","RELEASE_4-7-5","RELEASE_4-7-6","RELEASE_4-7-7","RELEASE_4-7-8","RELEASE_4-7-9","RELEASE_5-0-0","RELEASE_5-0-2","RELEASE_5-0-3","RELEASE_5-0-4","RELEASE_5-0-5","RELEASE_5-0-6","RELEASE_5-0-7","RELEASE_5-0-8","RELEASE_5-1-1","RELEASE_5-1-2","RELEASE_5-1-3","RELEASE_5-1-4","RELEASE_5-2-3","RELEASE_5-2-4","RELEASE_5-2-5","RELEASE_5-2-6","RELEASE_5-2-7","RELEASE_5-2-8","RELEASE_5-3-0","RELEASE_5-3-1","RELEASE_5-3-3","RELEASE_5-3-4","RELEASE_5-3-5","RELEASE_5-3-6","RELEASE_5-3-7","RELEASE_5-3-8","RELEASE_5-4-0","RELEASE_5-4-1","RELEASE_5-4-3","RELEASE_5-4-4","RELEASE_5-4-5","RELEASE_5-5-0","RELEASE_5-5-1","RELEASE_5-5-2","RELEASE_5-5-3","RELEASE_5-5-4","RELEASE_5-5-5","RELEASE_5-5-6","RELEASE_5-6-0","RELEASE_5-6-1","RELEASE_5-6-2","RELEASE_5-6-4","RELEASE_5-6-5","RELEASE_5-6-6","RELEASE_5-6-7","RELEASE_5-6-8","RELEASE_5-7-0","RELEASE_5-7-1","RELEASE_5-7-2","RELEASE_5-7-3","RELEASE_5-7-4","RELEASE_5-7-5","RELEASE_5-7-6","RELEASE_5-7-7","RELEASE_5-8-10","RELEASE_5-8-11","RELEASE_5-8-12","RELEASE_5-8-15","RELEASE_5-8-16","RELEASE_5-8-17","RELEASE_5-8-3","RELEASE_5-8-4","RELEASE_5-8-5","RELEASE_5-8-7","RELEASE_5-8-8","RELEASE_5-9-0","RELEASE_5-9-1","RELEASE_5-9-10","RELEASE_5-9-11","RELEASE_5-9-12","RELEASE_5-9-13","RELEASE_5-9-14","RELEASE_5-9-2","RELEASE_5-9-3","RELEASE_5-9-5","RELEASE_5-9-6","RELEASE_5-9-7","RELEASE_5-9-9","RELEASE_6-0-0","RELEASE_6-1-0","RELEASE_6-1-1","RELEASE_6-1-2","RELEASE_6-1-3","RELEASE_6-2-0","RELEASE_6-2-1","RELEASE_6-2-2","RELEASE_6-2-3","RELEASE_6-2-4","RELEASE_6-2-5","RELEASE_6-3-0","RELEASE_6-3-1","RELEASE_6-3-10","RELEASE_6-3-11","RELEASE_6-3-12","RELEASE_6-3-13","RELEASE_6-3-14","RELEASE_6-3-15","RELEASE_6-3-16","RELEASE_6-3-17","RELEASE_6-3-18","RELEASE_6-3-19","RELEASE_6-3-2","RELEASE_6-3-20","RELEASE_6-3-21","RELEASE_6-3-22","RELEASE_6-3-23","RELEASE_6-3-24","RELEASE_6-3-25","RELEASE_6-3-26","RELEASE_6-3-2_4678","RELEASE_6-3-3","RELEASE_6-3-4","RELEASE_6-3-5","RELEASE_6-3-6","RELEASE_6-3-7","RELEASE_6-3-8","RELEASE_6-3-8_5093","RELEASE_6-3-9","RELEASE_6-3-9_5248","RELEASE_6-4-0","RELEASE_6-4-1","RELEASE_6-4-10","RELEASE_6-4-11","RELEASE_6-4-12","RELEASE_6-4-13","RELEASE_6-4-14","RELEASE_6-4-15","RELEASE_6-4-16","RELEASE_6-4-17","RELEASE_6-4-18","RELEASE_6-4-19","RELEASE_6-4-2","RELEASE_6-4-3","RELEASE_6-4-4","RELEASE_6-4-5","RELEASE_6-4-6","RELEASE_6-4-7","RELEASE_6-4-8","RELEASE_6-4-9","SNAPSHOT-6_2_6-pre5","SNAPSHOT-6_2_6-pre6","SNAPSHOT-6_2_6-pre7","SNAPSHOT-6_2_6-pre8","SNAPSHOT-6_2_6-pre9","SNAPSHOT-6_2_9-rc1","SNAPSHOT-6_2_9-rc10","SNAPSHOT-6_2_9-rc2","SNAPSHOT-6_2_9-rc3","SNAPSHOT-6_2_9-rc4","SNAPSHOT-6_2_9-rc5","SNAPSHOT-6_2_9-rc6","SNAPSHOT-6_2_9-rc7","SNAPSHOT-6_2_9-rc8","SNAPSHOT-6_2_9-rc9","SNAPSHOT-6_4_0_beta2","SNAPSHOT-6_4_0_beta3","SNAPSHOT-6_4_0_beta4","SNAPSHOT-6_4_0_beta5","SNAPSHOT-6_4_0_rc1","SNAPSHOT-6_4_0_rc2","SNAPSHOT-6_4_0_rc3","SNAPSHOT-6_4_0_rc4","SNAPSHOT-6_4_2_rc1","SNAPSHOT-6_4_2_rc2","SNAPSHOT-6_4_2_rc3","SNAPSHOT_6-2-6-pre3","SNAPSHOT_6-2-6-pre4","SNAPSHOT_6-3-1-rc1","SNAPSHOT_6-3-10-beta1","SNAPSHOT_6-3-15-beta1","SNAPSHOT_6-3-15-beta2","SNAPSHOT_6-3-15-beta3","SNAPSHOT_6-3-17-pre1","SNAPSHOT_6-3-18-pre1","SNAPSHOT_6-3-18-pre2","SNAPSHOT_6-3-19-pre1","SNAPSHOT_6-3-2-rc1","SNAPSHOT_6-3-2-rc2","SNAPSHOT_6-3-2-rc3","SNAPSHOT_6-3-2-rc4","SNAPSHOT_6-3-20-pre1","SNAPSHOT_6-3-20-rc2","SNAPSHOT_6-3-20-rc3","SNAPSHOT_6-3-3-rc1","SNAPSHOT_6-3-3-rc2","SNAPSHOT_6-3-4-rc1","SNAPSHOT_6-3-4-rc2","SNAPSHOT_6-3-5-beta1","SNAPSHOT_6-3-5-beta2","SNAPSHOT_6-3-5-beta3","SNAPSHOT_6-3-6-rc1","SNAPSHOT_6-3-6-rc2","SNAPSHOT_6-3-6-rc3","SNAPSHOT_6-3-6-rc4","SNAPSHOT_6-3-6-rc5","SNAPSHOT_6-3-7-rc1","SNAPSHOT_6-3-8-rc1","SNAPSHOT_6-3-8-rc2","SNAPSHOT_6-3-8-rc3","SNAPSHOT_6-3-9-rc1","SNAPSHOT_6-3-9-rc2","SNAPSHOT_6-3-9-rc3","SNAPSHOT_6-4-13-rc1","SNAPSHOT_6-4-13-rc2","SNAPSHOT_6-4-16-rc1","SNAPSHOT_6-4-18-rc1","SNAPSHOT_6-4-3-beta1","SNAPSHOT_6-4-3-rc1","SNAPSHOT_6-4-3-rc2","SNAPSHOT_6-4-5-rc1","SNAPSHOT_6-4-5-rc2","before-automake","p302a"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36386.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}