In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | dovecot | < 1:2.3.11.3+dfsg1-1 | dovecot_1:2.3.11.3+dfsg1-1_all.deb |
Debian | 11 | all | dovecot | < 1:2.3.11.3+dfsg1-1 | dovecot_1:2.3.11.3+dfsg1-1_all.deb |
Debian | 10 | all | dovecot | < 1:2.3.4.1-5+deb10u3 | dovecot_1:2.3.4.1-5+deb10u3_all.deb |
Debian | 999 | all | dovecot | < 1:2.3.11.3+dfsg1-1 | dovecot_1:2.3.11.3+dfsg1-1_all.deb |
Debian | 13 | all | dovecot | < 1:2.3.11.3+dfsg1-1 | dovecot_1:2.3.11.3+dfsg1-1_all.deb |