rpm package
opensuse/dovecot23&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/dovecot23&distro=openSUSE%20Leap%2015.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11500 | — | | | < 2.3.3-lp150.14.1 | 2.3.3-lp150.14.1 | Aug 29, 2019 | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. |
| CVE-2019-11494 | — | | | < 2.3.3-lp150.14.1 | 2.3.3-lp150.14.1 | May 8, 2019 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. |
| CVE-2019-11499 | — | | | < 2.3.3-lp150.14.1 | 2.3.3-lp150.14.1 | May 8, 2019 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. |
| CVE-2019-10691 | — | | | < 2.3.3-lp150.11.1 | 2.3.3-lp150.11.1 | Apr 24, 2019 | The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. |
| CVE-2019-7524 | — | | | < 2.3.3-lp150.8.2 | 2.3.3-lp150.8.2 | Mar 28, 2019 | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. |