Lucene search

K

GoogleOSV:CVE-2019-11500

HistoryAug 29, 2019 - 2:15 p.m.

CVE-2019-11500

2019-08-2914:15:11

Google

osv.dev

5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.614 Medium

EPSS

Percentile

97.7%

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because ‘\0’ characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

CPENameOperatorVersion
coreeq0.4.7.rc2
coreeq0.1.1
dovecoteq2.3.5.1-r3
dovecoteq1.2.6-r0
dovecoteq2.2.19-r0
dovecoteq2.0.10-r0
dovecoteq2.2.33.2-r1
coreeq0.4.10
coreeq0.2.0
dovecoteq2.2.33.2-r2

Rows per page:

1-10 of 2001

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html

www.openwall.com/lists/oss-security/2019/08/28/3

access.redhat.com/errata/RHSA-2019:2822

access.redhat.com/errata/RHSA-2019:2836

access.redhat.com/errata/RHSA-2019:2885

dovecot.org/pipermail/dovecot-news/2019-August/000417.html

lists.debian.org/debian-lts-announce/2019/08/msg00035.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/

security.gentoo.org/glsa/201908-29

www.dovecot.org/security.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.614 Medium

EPSS

Percentile

97.7%

Related for OSV:CVE-2019-11500