CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile: 89.8%
Severity: Medium
Date : 2019-05-06
CVE-ID : CVE-2019-11494 CVE-2019-11499
Package : dovecot
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-954
The package dovecot before version 2.3.6-1 is vulnerable to denial of
service.
Upgrade to 2.3.6-1.
The problems have been fixed upstream in version 2.3.6.
Workaround: None.
Submission-login crashes with signal 11 due to a null pointer access when
authentication is aborted by disconnecting. This can lead to a
denial-of-service attack by persistent attacker(s).
Submission-login crashes when authentication is started over a
TLS-secured channel and an invalid authentication message is sent. This can
lead to a denial-of-service attack by persistent attacker(s).
A remote attacker is able to cause a denial of service by sending
invalid authentication messages or aborting the authentication process.
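
A detection example for the crash pattern described above, added here and not part of the advisory or of Dovecot: it scans syslog-style lines for submission-login children killed with signal 11 and reports bursts within a time window. The log line shape, the threshold and window values, and the name `find_crash_bursts` are assumptions; the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed log shape: syslog timestamp, then Dovecot's master process reporting
# that a child of service(submission-login) was killed by a signal.
CRASH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*"
    r"service\(submission-login\): child \d+ killed with signal (?P<sig>\d+)"
)

# Constructed sample lines (hostnames, PIDs and addresses are made up).
SAMPLE_LOG = """\
May  6 10:00:01 mx1 dovecot[811]: submission-login: Login: user=<alice>, rip=192.0.2.10
May  6 10:00:05 mx1 dovecot[811]: master: Error: service(submission-login): child 4101 killed with signal 11 (core dumps disabled)
May  6 10:00:09 mx1 dovecot[811]: master: Error: service(submission-login): child 4102 killed with signal 11 (core dumps disabled)
May  6 10:00:11 mx1 dovecot[811]: master: Error: service(imap-login): child 4103 killed with signal 11 (core dumps disabled)
May  6 10:00:14 mx1 dovecot[811]: master: Error: service(submission-login): child 4104 killed with signal 11 (core dumps disabled)
May  6 10:00:20 mx1 dovecot[811]: master: Error: service(submission-login): child 4105 killed with signal 11 (core dumps disabled)
May  6 10:30:00 mx1 dovecot[811]: master: Error: service(submission-login): child 4190 killed with signal 11 (core dumps disabled)
"""


def find_crash_bursts(log_text, threshold=3, window=timedelta(seconds=60), year=2019):
    """Return [(first, last, count)] for bursts of submission-login SIGSEGV
    crashes: at least `threshold` crashes inside one `window`."""
    recent, bursts = deque(), []
    for line in log_text.splitlines():
        m = CRASH_RE.match(line)
        if not m or m.group("sig") != "11":
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()  # drop crashes that fell out of the window
        if len(recent) >= threshold:
            if bursts and bursts[-1][1] >= recent[0]:
                first, _, n = bursts[-1]  # still the same burst: extend it
                bursts[-1] = (first, ts, n + 1)
            else:
                bursts.append((recent[0], ts, len(recent)))
    return bursts


if __name__ == "__main__":
    for first, last, count in find_crash_bursts(SAMPLE_LOG):
        print(f"{count} submission-login SIGSEGV crashes between {first} and {last}")
```

A single isolated crash (the 10:30:00 line) and crashes of other services (the imap-login line) are not reported; only repeated submission-login crashes inside the window are.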
https://dovecot.org/doc/NEWS-2.3
https://www.mail-archive.com/[email protected]/msg06126.html
https://dovecot.org/pipermail/dovecot/2019-April/115757.html
https://dovecot.org/pipermail/dovecot/2019-April/115758.html
https://security.archlinux.org/CVE-2019-11494
https://security.archlinux.org/CVE-2019-11499