83 matches found
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
Design/Logic Flaw
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
CVE-2020-7957
CVE-2020-7957 affects the Dovecot IMAP and LMTP components. In versions 2.3.9 through before 2.3.9.3, snippet generation can mishandle when many characters must be read to compute a snippet and a trailing > exists, leading to a denial of service where the recipient cannot read all messages. Th...
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...
CVE-2020-7046
CVE-2020-7046 affects Dovecot components lib-smtp (submission-login) and lmtp in 2.3.9 prior to 2.3.9.3, where truncated UTF-8 data in command parameters can be triggered unauthenticated, causing a submission-login infinite loop (DoS). Public references in multiple advisories confirm the vulnerab...
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...
FreeBSD : OpenSMTPd -- critical LPE / RCE vulnerability (08f5c27d-4326-11ea-af8b-00155d0a0200)
OpenSMTPD developers report : An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
dovecot -- multiple vulnerabilities
Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP where it doesn't matter so much and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet...
openSUSE Security Update : dovecot23 (openSUSE-2019-243)
This update for dovecot23 fixes the following issues : dovecot was updated to 2.3.3 release, bringing lots of bugfixes bsc1124356. Also the following security issue was fixed : - CVE-2019-3814: A vulnerability in Dovecot related to SSL client certificate authentication was fixed bsc1123022 The...
CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian: Security Advisory (DSA-2258-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
dovecot security and enhancement update
2.0.9-2 - fix issues and assert crashes found in 2.0.9 lmtp,dotlock,zlib 2.0.9-1 - dovecot updated to 2.0.9 - fixed a high system CPU usage / high context switch count performance problem - lda: Fixed a crash when trying to send 'out of quota' reply 2.0.8-1 - dovecot updated to 2.0.8 fixes 654226...
Fetchmail: Denial of Service and password disclosure
Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...