Lucene search

CVE-2019-10691

🗓️ 24 Apr 2019 17:00:29Reported by mitreType

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username

Reporter	Title	Published	Views	Family All 38
Cvelist	CVE-2019-10691	24 Apr 201916:49	–	cvelist
NVD	CVE-2019-10691	24 Apr 201917:29	–	nvd
Tenable Nessus	FreeBSD : dovecot -- json encoder crash (a64aa22f-61ec-11e9-85b9-a4badb296695)	19 Apr 201900:00	–	nessus
Tenable Nessus	openSUSE Security Update : dovecot23 (openSUSE-2019-1312)	3 May 201900:00	–	nessus
Tenable Nessus	Ubuntu 18.10 / 19.04 : Dovecot vulnerability (USN-3951-1)	24 Apr 201900:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2019:0997-1)	24 Apr 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2019-1644)	27 Jun 201900:00	–	nessus
Tenable Nessus	GLSA-201908-29 : Dovecot: Multiple vulnerabilities	3 Sep 201900:00	–	nessus
UbuntuCve	CVE-2019-10691	18 Apr 201900:00	–	ubuntucve
Prion	Design/Logic Flaw	24 Apr 201917:29	–	prion

Nvd

Node

dovecot dovecotRange<2.3.5.2

Node

opensuse leapMatch15.0

Source	Link
dovecot	www.dovecot.org/list/dovecot-news/2019-April/000406.html
openwall	www.openwall.com/lists/oss-security/2019/04/18/3
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/
lists	www.lists.opensuse.org/opensuse-security-announce/2019-05/msg00000.html
security	www.security.gentoo.org/glsa/201908-29

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Apr 2019 17:29Current

6.1Medium risk

Vulners AI Score6.1

CVSS25

CVSS37.5

EPSS0.00381