dovecot -- json encoder crash

ID A64AA22F-61EC-11E9-85B9-A4BADB296695
Type freebsd
Reporter FreeBSD
Modified 2019-05-26T00:00:00


Aki Tuomi reports:

  • CVE-2019-10691: Trying to log in with an 8-bit username containing invalid UTF-8 input causes the auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. A similar crash also happens during mail delivery when using invalid UTF-8 in the From or Subject header when the OX push notification driver is used.
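
The failure class in the report is attacker-controlled bytes that are not well-formed UTF-8 reaching a JSON encoder. The sketch below handles that input without aborting; it is an added example, not Dovecot's code or its fix. The function names `utf8_seq_len` and `json_quote_untrusted` and the choice to substitute U+FFFD for each bad byte are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length (1-4) of the well-formed UTF-8 sequence at s, or 0 if malformed. */
static size_t utf8_seq_len(const unsigned char *s, size_t n)
{
    size_t len, i;
    unsigned long cp;
    if (s[0] < 0x80) return 1;
    if (s[0] >= 0xC2 && s[0] <= 0xDF) { len = 2; cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0)   { len = 3; cp = s[0] & 0x0F; }
    else if (s[0] >= 0xF0 && s[0] <= 0xF4) { len = 4; cp = s[0] & 0x07; }
    else return 0;              /* stray continuation, 0xC0/0xC1, 0xF5+ */
    if (len > n) return 0;      /* sequence truncated by end of input */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if ((len == 3 && cp < 0x800) || (len == 4 && cp < 0x10000)) return 0; /* overlong */
    if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF) return 0;
    return len;
}

/* Write in[0..n) as a quoted JSON string into out (capacity cap).
 * Returns the number of invalid bytes replaced, or -1 if out is too small. */
int json_quote_untrusted(const char *in, size_t n, char *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)in;
    size_t i = 0, o = 0, len;
    int replaced = 0;
    if (cap < 3) return -1;
    out[o++] = '"';
    while (i < n) {
        if (cap - o < 8) return -1; /* one \uXXXX + closing quote + NUL */
        len = utf8_seq_len(s + i, n - i);
        if (len == 0) {             /* never assert on untrusted input */
            o += (size_t)snprintf(out + o, cap - o, "\\ufffd");
            replaced++; i++;
        } else if (len == 1 && (s[i] < 0x20 || s[i] == '"' || s[i] == '\\')) {
            o += (size_t)snprintf(out + o, cap - o, "\\u%04x", (unsigned)s[i]);
            i++;
        } else {
            memcpy(out + o, s + i, len);
            o += len; i += len;
        }
    }
    out[o++] = '"'; out[o] = '\0';
    return replaced;
}
```

A non-zero return value is worth logging, since a username or header that needed replacement was not valid UTF-8 to begin with.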