VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 12, 2020· Updated Aug 4, 2024

CVE-2020-12673

CVE-2020-12673

Description

Dovecot before 2.3.11.3 is vulnerable to a denial of service via a specially crafted NTLM request that causes an out-of-bounds read, crashing the auth service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dovecot before 2.3.11.3 is vulnerable to a denial of service via a specially crafted NTLM request that causes an out-of-bounds read, crashing the auth service.

Vulnerability

Dovecot versions before 2.3.11.3 contain an out-of-bounds read vulnerability in the NTLM authentication mechanism. The NTLM implementation does not correctly check message buffer size, leading to reading past allocated memory when a specially formatted NTLM request is received [3]. This affects the auth service component [3].

Exploitation

An unauthenticated remote attacker can send a specially crafted NTLM request to the Dovecot server. The vulnerability requires no authentication or user interaction [3]. By exploiting the out-of-bounds read, the attacker causes the auth process to crash.

Impact

Successful exploitation results in a denial of service (DoS) of the Dovecot auth service. The crash prevents legitimate authentication, disrupting email service [1][2]. The CVSS score is 7.5 (High) with a N/I/A impact of None/None/High [3].

Mitigation

The fix is available in Dovecot version 2.3.11.3 [3]. Ubuntu released updated packages in USN-4456-1 (for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 LTS) and USN-4456-2 (for Ubuntu 14.04 ESM) [1][2]. Users should upgrade to the fixed version or apply the appropriate distribution update.

References
  1. USN-4456-2: Dovecot vulnerabilities | Ubuntu security notices | Ubuntu
  2. USN-4456-1: Dovecot vulnerabilities | Ubuntu security notices | Ubuntu
  3. security - CVE-2020-12673: Dovecot IMAP server: Specially crafted NTLM package can crash auth service

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

30

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing buffer size validation in Dovecot's NTLM implementation causes an out-of-bounds read when processing a specially crafted NTLM request."

Attack vector

An unauthenticated remote attacker sends a specially formatted NTLM request to the Dovecot server. The NTLM implementation does not correctly check the message buffer size, leading to an out-of-bounds read past the allocated memory [ref_id=1]. This out-of-bounds read causes the auth service process to crash, and an adversary can repeat this to prevent legitimate logins [ref_id=1]. The attack is network-based, requires no authentication, and has a CVSS score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) [ref_id=1].

Affected code

The vulnerability resides in Dovecot's NTLM authentication implementation within the auth component. The advisory identifies the vulnerable component as "auth" and the vulnerable version as 2.2, with the fix in 2.3.11.3 [ref_id=1]. No specific function or file names are provided in the bundle.

What the fix does

The advisory states the fix is available in Dovecot version 2.3.11.3 [ref_id=1]. No patch diff is included in the bundle, so the exact code changes are not visible. The advisory recommends upgrading to the fixed version and notes that disabling NTLM authentication can serve as a workaround [ref_id=1].

Preconditions

  • configThe Dovecot server must have NTLM authentication enabled
  • authNo authentication is required; the attacker can be unauthenticated
  • networkThe attacker must be able to send network traffic to the Dovecot server (e.g., on port 110 for POP3)
  • inputThe attacker sends a specially crafted NTLM request payload

Reproduction

The advisory includes reproduction steps [ref_id=1]: (1) Run `(echo 'AUTH NTLM'; echo -ne 'NTLMSSP\x00\x01\x00\x00\x00\x00\x02\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' | base64 -w0; echo; echo -ne 'NTLMSSP\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AA\x00\x00\x41\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00orange\x00' | base64 -w0; echo; echo QUIT) | nc 127.0.0.1 110` against the Dovecot server.

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

12

News mentions

0

No linked articles in our index yet.