rpm package
opensuse/dovecot23&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/dovecot23&distro=openSUSE%20Tumbleweed
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23185 | Hig | 7.5 | < 2.3.21.1-1.1 | 2.3.21.1-1.1 | Sep 10, 2024 | Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_val | |
| CVE-2024-23184 | Med | 5.0 | < 2.3.21.1-1.1 | 2.3.21.1-1.1 | Sep 10, 2024 | Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by e | |
| CVE-2020-28200 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Jun 28, 2021 | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | ||
| CVE-2021-33515 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Jun 28, 2021 | The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | ||
| CVE-2021-29157 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Jun 28, 2021 | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver. | ||
| CVE-2020-24386 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Jan 4, 2021 | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | ||
| CVE-2020-12674 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Aug 12, 2020 | In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | ||
| CVE-2020-12673 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Aug 12, 2020 | In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | ||
| CVE-2020-12100 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Aug 12, 2020 | In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | ||
| CVE-2020-10967 | — | < 2.3.16-1.6 | 2.3.16-1.6 | May 18, 2020 | In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | ||
| CVE-2020-10958 | — | < 2.3.16-1.6 | 2.3.16-1.6 | May 18, 2020 | In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. | ||
| CVE-2020-10957 | — | < 2.3.16-1.6 | 2.3.16-1.6 | May 18, 2020 | In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | ||
| CVE-2020-7957 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Feb 12, 2020 | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. | ||
| CVE-2020-7046 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Feb 12, 2020 | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. | ||
| CVE-2019-19722 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Dec 13, 2019 | In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. | ||
| CVE-2019-11500 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Aug 29, 2019 | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. | ||
| CVE-2019-11494 | — | < 2.3.16-1.6 | 2.3.16-1.6 | May 8, 2019 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | ||
| CVE-2019-11499 | — | < 2.3.16-1.6 | 2.3.16-1.6 | May 8, 2019 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | ||
| CVE-2019-10691 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Apr 24, 2019 | The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. | ||
| CVE-2019-7524 | — | < 2.3.16-1.6 | 2.3.16-1.6 | Mar 28, 2019 | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. |
- affected < 2.3.21.1-1.1fixed 2.3.21.1-1.1
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_val
- affected < 2.3.21.1-1.1fixed 2.3.21.1-1.1
Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by e
- CVE-2020-28200Jun 28, 2021affected < 2.3.16-1.6fixed 2.3.16-1.6
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
- CVE-2021-33515Jun 28, 2021affected < 2.3.16-1.6fixed 2.3.16-1.6
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
- CVE-2021-29157Jun 28, 2021affected < 2.3.16-1.6fixed 2.3.16-1.6
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.
- CVE-2020-24386Jan 4, 2021affected < 2.3.16-1.6fixed 2.3.16-1.6
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
- CVE-2020-12674Aug 12, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
- CVE-2020-12673Aug 12, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
- CVE-2020-12100Aug 12, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
- CVE-2020-10967May 18, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
- CVE-2020-10958May 18, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
- CVE-2020-10957May 18, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
- CVE-2020-7957Feb 12, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
- CVE-2020-7046Feb 12, 2020affected < 2.3.16-1.6fixed 2.3.16-1.6
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
- CVE-2019-19722Dec 13, 2019affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
- CVE-2019-11500Aug 29, 2019affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
- CVE-2019-11494May 8, 2019affected < 2.3.16-1.6fixed 2.3.16-1.6
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
- CVE-2019-11499May 8, 2019affected < 2.3.16-1.6fixed 2.3.16-1.6
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
- CVE-2019-10691Apr 24, 2019affected < 2.3.16-1.6fixed 2.3.16-1.6
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
- CVE-2019-7524Mar 28, 2019affected < 2.3.16-1.6fixed 2.3.16-1.6
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
Page 1 of 2