In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because ‘\0’ characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | dovecot | < 1:2.3.7.2-1 | dovecot_1:2.3.7.2-1_all.deb |
Debian | 11 | all | dovecot | < 1:2.3.7.2-1 | dovecot_1:2.3.7.2-1_all.deb |
Debian | 10 | all | dovecot | < 1:2.3.4.1-5+deb10u1 | dovecot_1:2.3.4.1-5+deb10u1_all.deb |
Debian | 999 | all | dovecot | < 1:2.3.7.2-1 | dovecot_1:2.3.7.2-1_all.deb |
Debian | 13 | all | dovecot | < 1:2.3.7.2-1 | dovecot_1:2.3.7.2-1_all.deb |