83 matches found
Null pointer dereference
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp...
Command injection
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
CVE-2020-10958
Dovecot before 2.3.10.1 is affected by CVE-2020-10958 (use-after-free in submission-login/submission/lmtp). A crafted SMTP/LMTP message with many newlines after a command can trigger an unauthenticated crash, potentially leading to denial of service. Multiple connected advisories (Arch, Debian, F...
CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
UBUNTU-CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
UBUNTU-CVE-2020-10957
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp...
UBUNTU-CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
PT-2020-12455 · Dovecot +7 · Dovecot +7
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1 Description: The issue allows remote unauthenticated attackers to crash the lmtp or submission process by sending mail with an empty localpart. Recommendations: For versions prior to 2.3.10.1, update to...
PT-2020-12448 · Dovecot +6 · Dovecot +6
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1 Description: The issue arises from sending malformed parameters to a NOOP command, which causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. This can be triggered without...
Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service Vulnerabilities
------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference CWE-476 Vulnerable version: 2.3.0 - 2.3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution...
mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...
Man-in-the-Middle (MitM)
cyrus-imapd is vulnerable to man-in-the-middle MitM. The vulnerability exists as it was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject...
Dovecot -- Multiple vulnerabilities
Aki Tuomi reports: Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglible, as lmtp is usually behind a trusted...
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
Dovecot 2.3.9 < 2.3.9.3 Multiple Vulnerabilities
Dovecot is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...