The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
CPE

Name | Operator | Version
---|---|---
core | eq | 2.2.1
core | eq | 2.1.rc2
dovecot | eq | 2.3.5.1-r3
dovecot | eq | 1.2.6-r0
dovecot | eq | 2.2.19-r0
core | eq | 2.2.7
dovecot | eq | 2.0.10-r0
dovecot | eq | 2.2.33.2-r1
dovecot | eq | 2.2.33.2-r2
core | eq | 1.1.alpha5
lists.opensuse.org/opensuse-security-announce/2019-05/msg00000.html
www.openwall.com/lists/oss-security/2019/04/18/3
dovecot.org/list/dovecot-news/2019-April/000406.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/
security.gentoo.org/glsa/201908-29