7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
84.2%
Dovecot is an open source IMAP and POP3 email server.
Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details.
A remote attacker could send a specially crafted mail or send a specially crafted IMAP command possibly resulting in a Denial of Service condition or an authenticated remote attacker might be able to discover the file system directory structure and access other usersβ emails.
The information disclosure vulnerability can be mitigated by disabling IMAP hibernation feature which isnβt enabled by default.
All Dovecot users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.3.13"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-mail/dovecot | <Β 2.3.13 | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
84.2%