rpm package
suse/dovecot22&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/dovecot22&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-24386 | — | < 2.2.31-19.25.1 | 2.2.31-19.25.1 | Jan 4, 2021 | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | ||
| CVE-2020-12674 | — | < 2.2.31-19.22.1 | 2.2.31-19.22.1 | Aug 12, 2020 | In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | ||
| CVE-2020-12673 | — | < 2.2.31-19.22.1 | 2.2.31-19.22.1 | Aug 12, 2020 | In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | ||
| CVE-2019-11500 | — | < 2.2.31-19.17.1 | 2.2.31-19.17.1 | Aug 29, 2019 | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. |
- CVE-2020-24386Jan 4, 2021affected < 2.2.31-19.25.1fixed 2.2.31-19.25.1
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
- CVE-2020-12674Aug 12, 2020affected < 2.2.31-19.22.1fixed 2.2.31-19.22.1
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
- CVE-2020-12673Aug 12, 2020affected < 2.2.31-19.22.1fixed 2.2.31-19.22.1
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
- CVE-2019-11500Aug 29, 2019affected < 2.2.31-19.17.1fixed 2.2.31-19.17.1
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.