CVE-2020-10958

2020-05-1800:00:00

ubuntu.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an
unauthenticated use-after-free bug in submission-login, submission, or
lmtp, and can lead to a crash under circumstances involving many newlines
after a command.

Notes

Author	Note
alexmurray	According to upstream, versions from 2.3.0 to 2.3.10 are affected

OSVersionArchitecturePackageVersionFilename
ubuntu19.10noarchdovecot< 1:2.3.4.1-5ubuntu3.1UNKNOWN
ubuntu20.04noarchdovecot< 1:2.3.7.2-1ubuntu3.1UNKNOWN