rpm package
suse/dovecot22&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/dovecot22&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30550 | — | < 2.2.31-19.29.1 | 2.2.31-19.29.1 | Jul 17, 2022 | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied | ||
| CVE-2020-24386 | — | < 2.2.31-19.25.1 | 2.2.31-19.25.1 | Jan 4, 2021 | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | ||
| CVE-2020-12674 | — | < 2.2.31-19.22.1 | 2.2.31-19.22.1 | Aug 12, 2020 | In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | ||
| CVE-2020-12673 | — | < 2.2.31-19.22.1 | 2.2.31-19.22.1 | Aug 12, 2020 | In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | ||
| CVE-2019-11500 | — | < 2.2.31-19.17.1 | 2.2.31-19.17.1 | Aug 29, 2019 | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. |
- CVE-2022-30550Jul 17, 2022affected < 2.2.31-19.29.1fixed 2.2.31-19.29.1
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied
- CVE-2020-24386Jan 4, 2021affected < 2.2.31-19.25.1fixed 2.2.31-19.25.1
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
- CVE-2020-12674Aug 12, 2020affected < 2.2.31-19.22.1fixed 2.2.31-19.22.1
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
- CVE-2020-12673Aug 12, 2020affected < 2.2.31-19.22.1fixed 2.2.31-19.22.1
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
- CVE-2019-11500Aug 29, 2019affected < 2.2.31-19.17.1fixed 2.2.31-19.17.1
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.