Lucene search

Ubuntu.comUB:CVE-2020-10967

HistoryMay 18, 2020 - 12:00 a.m.

CVE-2020-10967

2020-05-1800:00:00

ubuntu.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.038 Low

EPSS

Percentile

91.7%

JSON

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the
lmtp or submission process by sending mail with an empty localpart.

Notes

Author	Note
alexmurray	According to upstream, versions from 2.3.0 to 2.3.10 are affected

OSVersionArchitecturePackageVersionFilename
ubuntu19.10noarchdovecot< 1:2.3.4.1-5ubuntu3.1UNKNOWN
ubuntu20.04noarchdovecot< 1:2.3.7.2-1ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	19.10	noarch	dovecot	< 1:2.3.4.1-5ubuntu3.1	UNKNOWN
ubuntu	20.04	noarch	dovecot	< 1:2.3.7.2-1ubuntu3.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2020-10967

nvd.nist.gov/vuln/detail/CVE-2020-10967

security-tracker.debian.org/tracker/CVE-2020-10967

ubuntu.com/security/notices/USN-4361-1

www.cve.org/CVERecord?id=CVE-2020-10967

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.038 Low

EPSS

Percentile

91.7%

JSON

Related for UB:CVE-2020-10967